Typing Secret Word Will Kill Almost Any App in Apple's OS X Mountain Lion
February 4, 2013 6:38 AM
comment(s) - last by
"It just works." --Apple
While Microsoft Corp. (
) has received much admonishment for its various Windows bugs over the years, it is a dramatic new bug from the brash challenger of the the operating system world, Apple, Inc.'s (
OS X Mountain Lion
(10.8.2), which has people talking. The bug is startling simple, but it can crash almost any OS X app. All you have to do is type a word and a few characters.
I. Universal Crashes
The forbidden word is "File:///" (case sensitive). Type that in virtual any text input form (be it a notepad, a browser dialogue, a document editor, a calendar appointment, etc.) and the program will die. It appears that similar strings ("fILE:///" or "FILE://aa") can also trigger program crahes. In a bizarre twist, some crashes appear to be dependent on how fast you type certain variants (e.g. "File://" followed by characters). An
user named "Jonathan" shares a movie he made documenting that bizarre behavior
Among the programs confirmed to be infected are Tweetbot, Safari, Chrome, and TextEdit. The program appears to be tied somehow to some sort of deep-rooted API embedded into OS X (it appears not to be the spell-check API as the Safari location bar has no spell check, but is still affected).
In a particularly hilarious (or awful) failure, typing the problem string into Apple's Crash Reporter UI crashes the Crash Reporter.
Mountain Lion has a big bug. [Image Source: HD Wallpapers]
The bug does not affect OS X Lion (10.7) or Snow Leopard (10.6).
II. A Partial Fix?
A handful of apps, such as the image-editor Gimp, appear to be immune, perhaps because they disable whatever the trouble-making interface is. Typing the string in these apps will produce no crash.
Some users suggest that going to System Preferences > Language & Text > Text, and unchecking "Correct spelling automatically" and "Use symbol and text substitution" will stop the crashes in some apps. However, commenters say the apps continue in some programs even after doing that.
One loyal Apple user comments on the bug report:
This is actually a feature. It allows you to shut down all applications before shutting down your Mac:
Crashes Finder if typed into a Finder search field (not Spotlight, though). Crashes Safari if typed into the URL bar. Crashes Mail if typed into the search field. Crashes iTunes when typed into the search field. Crashes system-generated keychain unlock prompts (typed into the "Name:" field) Crashes Reminders if typed into the search field. ...
For now the bug is merely "interesting", but it also represents a potential security flaw. If malicious users start to use it in forms-based attacks, it could become a major headache for OS X users.
Apple for years marketed its products under the slogan "It just works", but has been
plagued with software issues
of late. Some blame Tim Cook, Apple's new CEO who replaced the late Steve Jobs, for the slipping quality. Apple's
iOS maps woes
drew a large amount of national news coverage late last year. Tim Cook
publicly apologized to his company's fans
for the poor showing.
We confirmed that the bug crashes both Safari and Searchlight. For us the Crash Reporter did not come up even:
...about to crash!
The shell/terminal program in OS X appears to be immune to the crashes:
We'll update if a patch lands.
This article is over a month old, voting and posting comments is disabled
RE: And that is why you sanitize your text input
2/4/2013 12:56:47 PM
Bingo. As soon as HR realized they had no idea how to effectively screen IT talent, they implemented the system of buzzwords we know and loathe today.
So now, if you have immense talent and experience, but you haven't been lucky enough to use the exact tool and language the job post is for (and you're not into lying on your resume') you're SOL. With the magic acryonyms and no talent, you can flit about picking up experience (ruining projects with) the most current and highly-rewarded skillsets.
Reference calls are useless as you can ask so little, and besides the guy who's eager to be rid of a useless weasel will gladly tell you he'd be glad to hire him again. Anything as long as YOU take him of his hands.
People who can claim some tangential relationship to the desired skillset are in. As you noted, the only way to really screen them is to make them show you. We use testing and a type of interview that demands the candidate provide relevant examples from his past. These can be fact-checked and their breadth and depth tells me whether the candidate is worthy, hopeless, or a liar.
"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki
Quick Note: Apple Explains iPhone 5's Jimi Hendrix Effect
October 8, 2012, 9:54 PM
Apple CEO Tim Cook Apologizes for iOS 6 Maps Fiasco; Tells Customers to Use Bing, Google
September 28, 2012, 9:11 AM
Motorola Pokes Fun at Apple iOS 6 Users' Maps Misery
September 24, 2012, 1:00 PM
Apple Releases OS X 10.8 "Mountain Lion" for $20
July 25, 2012, 11:29 AM
Quick Note: Whoops, Microsoft Pushed Unwanted Windows 10 to Some Users
October 15, 2015, 9:04 PM
Quick Note: Windows 10 Insider Preview Build 10565 Fixes Boot Camp 6.0 Issues
October 13, 2015, 11:39 AM
Microsoft's HD-500 ("Display Dock"), the Magic Sauce Behind Continuum
October 6, 2015, 5:30 PM
Quick Note: Windows 10 Hits 110 Million Devices, VMs
October 6, 2015, 4:30 PM
Windows 10 on Raspberry Pi, IoT Devices Sees Developer Debut
August 12, 2015, 2:41 PM
Sony Issues Bizzare "Do Not Update" Edict to VAIO PC Owners
August 11, 2015, 9:42 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information