Uh oh! Another Unicode attack is messing up a popular messaging platform. This time it’s Apple’s own Messages app being hit by what has come to be called the “Black Dot” bug.
We know iPhones and iPads running
iOS 11.3 and
11.4 beta are affected, and it’s highly likely that Apple Watch and Apple TV are as well. Messages on the Mac might be affected as well, but the greater resources of the Mac could give you the ability to quickly delete the message thread before the app becomes totally unresponsive.
Here’s what is happening: Users can send you an iMessage (not SMS text) filled with so many invisible Unicode characters that, when your iPhone or iPad tries to read the message, it chokes on the massive amount of memory and CPU cycles required to process all of it. Messages will lock up, and while you might be able to close the app, it will crash again as soon as you re-open it and the message is displayed again.
Why it’s called the ‘Black Dot’ bug: A similar Unicode bug was recently spread in
WhatsApp with the emojis <⚫️>??and a warning not to touch the black dot. If a user did, it would expand the hidden unicode and crash the app. The current iOS bug operates a bit differently, but is being spread with the same symbol. So, while neither attack technically has anything to do with the black dot emoji, they have taken on its name.
What to do if you get hit: If someone sends you the “Black Dot” message and locks up Messages on your iPhone or iPad, there are a few workarounds to regain control. They all involve the same goal—get the message off the screen so it’s not rendered when you re-open the app, and then delete the message conversation so it doesn’t crash when you scroll back and the message is displayed again. Here’s the method we suggest:
Force-quit the Messages app.
- Ask Siri to send a message to the person who sent you the Black Dot. Make sure you send multiple messages or a very long message that will knock theirs off the screen.
- 3D-Touch on Messages and select New Message, then hit Cancel in the top-right corner of the new message to get back to the conversations list.
- Delete the conversation containing the Black Dot attack (swipe left and tap Delete).
If you have another device synced to the same iCloud account, you may be able to open Messages on it directly to the conversations list, without opening the Black Dot message, and delete the conversation from the list there.
The bug is serious, but not yet widespread; the <⚫️>??message itself isn’t the payload, but rather a secret string of invisible Unicode characters hidden within it are. So it’s not quite so easy to spread as it might at first appear. Still, it’s now public enough that we can probably expect a fix very soon. That may be an iOS 11.3.2 release, or it might be a final (and fixed) version of iOS 11.4, which is likely nearing the end of its beta testing cycle anyway.