In a nutshell: An upcoming public firmware update from Apple will likely mention a bug involving specific character combinations in its changelog. Although the issue appears mostly harmless for now, similar exploits in the past have been used to crash devices and create new vulnerabilities.
Apple device users recently discovered a minor bug that causes the Settings screen and home screen to crash. While no serious issues have been reported so far, a fix in a future firmware update would not be surprising.
Swiping right on the iOS home screen until the app library appears, and then typing the characters "::" into the search bar, causes Springboard – the software that handles the main menu – to crash. A black screen with a loading icon briefly appears before the device returns to the lock screen.
Additionally, entering the same characters into the search bar at the top of the Settings menu crashes the app, immediately sending users back to the home screen. However, the bug can be triggered by variations of this character combination as well.
Security researchers have found that nearly any combination involving two quotation marks, one colon, and any other character can trigger the same effect. For example, typing "X":X also causes the issue. TechSpot confirmed that the bug occurs on iPhones and iPads running firmware version 17.6.1, but Macs remain unaffected.
Researchers told TechCrunch that the issue doesn't pose a security threat. However, the bug may raise some concerns because it resembles more serious incidents from the past.
In 2015, a particular string of text caused stress when users discovered it could lock them out of the Messages app or even reboot the iPhone. In 2017, users found they could remotely crash an iPhone or iPad by sending a specific combination of emojis over iMessage, iCloud, and the Notes app. Another crash triggered by a text string appearing in notifications emerged in 2020.
Similar remote exploits have allowed hackers to transmit spyware through zero-click attacks. Programs like Pegasus forced Apple to implement security measures to protect sensitive targets, such as journalists and diplomats.
Google Pixel phones also recently encountered a dangerous firmware-level flaw where a hidden app accessed insecure servers, making devices vulnerable to man-in-the-middle attacks.
Fortunately, the recent iOS bug can only be triggered by someone physically using the device, so the potential risk remains limited.