zlacker

[return to "'Text bomb' is latest Apple bug"]
1. devit+G8[view] [source] 2018-01-18 16:00:43
>>Harvey+(OP)
Based on a web search, https://bogdanz.me/work/diddu.html might be a working mirror of the proof of concept.

It appears to contain a 10MB long UTF-8 mess in both the og:title meta content and in a mailto: link.

I'd guess it's supposed to crash iOS apps by either posting that link if it displays links in a thumbnail element using og:title or otherwise by pasting the huge mailto link contained in the webpage, or perhaps only the e-mail address.

◧◩
2. netsha+89[view] [source] 2018-01-18 16:03:55
>>devit+G8
Hah. View-Source takes forever to load (in Vivaldi). Wget says it's a 20 MB file. Opening it in Joe in Cygwin kills the Cygwin process. Neat.

Also the href attribute inside the <link rel="apple-touch-icon"> points to a HTML URL, but that returns a 404...

[go to top]