Update: Apple just releases the iOS 11.2.5 and macOS High Sierra 10.13.3, along with macOS Sierra 10.12.6 and OS X El Capitan 10.11.6 that are designed to address the Meltdown and Spectre vulnerabilities on macOS Sierra and OS X El Capitan.
According to MacRumors’ report, Apple confirmed that it would release a software update this week, to fix a known bug that could cause Messages and Safari apps to freeze when users click a new type of malicious link. The update is believed to be the final release of iOS 11.2.5, considering that the sixth beta of iOS 11.2.5 has rolled out to developers and indeed addressed the issue caused by the malicious link.
The malicious link was first discovered by software developer Abraham Masri, and he shared the news on Twitter last Tuesday afternoon. This attack possibly exploits a bug in Apple’s Unicode rendering engine, and affects both iOS and macOS devices. The good news is that the malicious link which was originally directed to a webpage on GitHub has been taken down by GitHub, to avoid the spread to more users.
The so-called ChaiOS bug is more like a prank, rather than the hack behavior that aims at stealing users’ data. Once users open the malicious link in mobile or desktop Safari, the browser could hangs or becomes unresponsive, and what’s worse, the device may freeze or even restart. If you incautiously tap the link received through the Messages app on your iPhone or iPad, it may freeze the app and even be able to delete the entire conversation. The fix is to force-quit the Messages app, and to delete the entire conversation that contains the link. Though you are not likely to be impacted at this point, remember that deleting the Messages conversation is a fix when receiving a text with a bad link, since by far the iOS 11.2.5 has not been released.
Apple is expected to release iOS 11.2.5 soon alongside with macOS High Sierra 10.13.3, watchOS 4.2.2, and tvOS 11.2.5. The sixth beta of the upcoming macOS High Sierra 10.13.3 update has been available for developers and public testers.