this post was submitted on 22 Aug 2024
113 points (87.4% liked)

Technology

59662 readers
3035 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 33 points 3 months ago (2 children)

Sounds like SQL injection, actually more like a JSON injection... As if it's trying to concatenate the input directly inside the value of a JSON dictionary, without proper escaping and/or encoding (base64 or hex, for example).

Possibly the input is being stored for user history (and, therefore, auto completion) purposes? Be it or not, something JSON-related is taking place here, from a kernel level or sufficiently deep so to cause a kernel crash (and rebooting).

(Sorry for jargons, I'm a developer seeing this issue through a developer lens)

[–] [email protected] 10 points 3 months ago* (last edited 3 months ago)

This is not a kernel panic and associated reboot. It simply crashes the SpringBoard, which is kinda like the "desktop environment" of iOS. It's responsible for the homescreen, and calls other processes like the window server. It's a normal userspace process, not related to the kernel at all.

Edit: Sorry I actually meant to link to this wiki page https://www.theiphonewiki.com/wiki//System/Library/CoreServices/SpringBoard.app

[–] [email protected] 2 points 3 months ago

Yeah, since the last character can be anything, it certainly seems JSON-related. If it wasn't, SQL could be on the table ("":: is how you convert types).

Good eye. I find it incredibly odd that JSON would be involved in any way here, but that does seem like a logical idea.