zlacker

[return to "'Text bomb' is latest Apple bug"]
1. devit+G8[view] [source] 2018-01-18 16:00:43
>>Harvey+(OP)
Based on a web search, https://bogdanz.me/work/diddu.html might be a working mirror of the proof of concept.

It appears to contain a 10MB long UTF-8 mess in both the og:title meta content and in a mailto: link.

I'd guess it's supposed to crash iOS apps by either posting that link if it displays links in a thumbnail element using og:title or otherwise by pasting the huge mailto link contained in the webpage, or perhaps only the e-mail address.

◧◩
2. lawles+Hd[view] [source] 2018-01-18 16:31:17
>>devit+G8
Could someone just use some sort of fuzzing software to generate these?

Just keep trying many until one hits.

◧◩◪
3. UncleM+Se[view] [source] 2018-01-18 16:38:00
>>lawles+Hd
You can, but the number of possible inputs is huge and fuzzing won't prove that no such input exists.
[go to top]