A new type of malware in the form of a string of Arabic characters forming no words has been discovered. Once entered or opened, the bug crashes Web browsers and other apps, highlighting a growing need for computer monitoring software.
Effects of the bug
Researchers have found the bug affects any application or Web browser using a specific type of program to render text. Those using this program include Safari and Google Chrome.
Users discovered Safari crashes in both OS X 10.8.4 as well as iOS 6.1.3 during attempts to read the string of characters. When entered into a browser through Chrome, users see Google’s usual error page, however experts said Chrome’s sandbox implementation prevents the takedown of the entire browser.
Firefox, on the other hand, uses a different type of text rendering program and is unaffected by the bug, displaying the Arabic letters without issue.
Mobile phones have also been affected by the character string when sent through an SMS message. Since nearly all messaging apps display previous messages each time they are opened, many phones are forced into a crash loop each time the app is reloaded.
E-mail programs were affected similarly, particularly when the characters appeared in subject lines. The bug was also triggered when contained in the name of a wireless network, as anytime a device would search for connections, the character string would be displayed.
Social networking sites have also taken notice of the new bug. Twitter users dubbed the string of Arabic characters “the unicode of death.” Furthermore, Facebook disallowed the specific string of characters from being posted almost immediately after the bug became public. When users attempted to post the characters on other user’s walls or timelines, Facebook would display a “message failed” notification, alerting the user that the content had been blocked by their security system.
Fighting off the bug
Although annoying, security researchers said tech users should be thankful the bug isn’t being used for more malicious purposes, such as triggering a specific malware code.
“But to be absolutely clear, there is no evidence at this time that this can be leveraged for anything more than an application crash,” one researcher said.
While restart and restore systems help correct the issues after they occur, this recent software glitch highlights the need to employ other computer monitoring software as well. Experts advise installing patches to a computer network to avoid browser crashing. This type of layered security addresses vulnerabilities and updates programs, allowing for improved performance.
