Closed elaine-jackson closed 6 years ago
DFoxinator
commented
6 years ago Thanks for the heads up. We actually implemented this a few days ago. Some info here: https://devrant.com/rants/1215973/who-of-you-posted-that-telugu-character-that-crashes-the-iphone-thank-you-very-m
elaine-jackson
commented
6 years ago @DFoxinator Thanks, I've literally removed every social app from my phone but I figured since devrant is independently developed I'd give you guys a chance to hotpatch first :)
Thanks again for protecting your users, I've had to heavily reduce attack surface on my devices, this bug has been public for more than a week, having to use anything internet related in a Linux VM on macOS and simply not use social sites on my iPhone is unacceptable! Not your fault but thanks for protecting us at least :/
As the developers may or not know there is a character which can crash and brick iOS devices. See: https://venturebeat.com/2018/02/15/indian-character-crashes-ios-11-2-5-may-require-full-device-restore/ until Apple releases an update when requesting data from the API from an iOS Client the character should be stripped from the retrieved data before sending to the client. Thoughts?