Fix for ‘chaiOS’ Malicious Link Issue in Messages Coming Next Week
Apple has confirmed that a fix is coming next week for the “chaiOS” issue that allows a malicious link to freeze the Messages app on iOS devices.
A software update coming next week will fix an issue that allows a malicious link to freeze the Messages app on the iPhone and iPad, Apple confirmed to MacRumors this morning.
Apple is likely talking about iOS 11.2.5, which is nearing the end of the beta testing period. iOS 11.2.5 beta 6, as we discovered yesterday, does indeed address the issue and prevents the malicious link from working.
The public release of iOS 11.2.5 is expected to happen next week. We should also see the public release of macOS High Sierra 10.13.3, watchOS 4.2.2, and tvOS 11.2.5 at the same time.
Users who receive the link in the in their Messages app see the app freeze completely. Users then have to quit the app and then delete the conversation that contains the malicious app in order to allow the Messages app to recover. Users need not actually tap on the link to open it to cause the crash, due to Messages’ URL preview functionality.
The malicious link went to a page on GitHub, but the malicious page has been taken down. This should prevent any issues based on this software flaw, unless someone else posts a similar page and begins sending the link out. Watch out for texts from any particularly mischievous users in your contact lists, or from unknown parties.