backtop


Print 49 comment(s) - last by spaced_.. on Feb 12 at 3:50 AM

"It just works." --Apple

While Microsoft Corp. (MSFT) has received much admonishment for its various Windows bugs over the years, it is a dramatic new bug from the brash challenger of the the operating system world, Apple, Inc.'s (AAPL) OS X Mountain Lion (10.8.2), which has people talking.  The bug is startling simple, but it can crash almost any OS X app.  All you have to do is type a word and a few characters.

I. Universal Crashes

The forbidden word is "File:///" (case sensitive).  Type that in virtual any text input form (be it a notepad, a browser dialogue, a document editor, a calendar appointment, etc.) and the program will die.  It appears that similar strings ("fILE:///" or "FILE://aa") can also trigger program crahes.  In a bizarre twist, some crashes appear to be dependent on how fast you type certain variants (e.g. "File://" followed by characters).  An Open Radar user named "Jonathan" shares a movie he made documenting that bizarre behavior here.

Among the programs confirmed to be infected are Tweetbot, Safari, Chrome, and TextEdit.  The program appears to be tied somehow to some sort of deep-rooted API embedded into OS X (it appears not to be the spell-check API as the Safari location bar has no spell check, but is still affected).

In a particularly hilarious (or awful) failure, typing the problem string into Apple's Crash Reporter UI crashes the Crash Reporter.

Mountain Lion
Mountain Lion has a big bug. [Image Source: HD Wallpapers]

The bug does not affect OS X Lion (10.7) or Snow Leopard (10.6).

II. A Partial Fix?

A handful of apps, such as the image-editor Gimp, appear to be immune, perhaps because they disable whatever the trouble-making interface is.  Typing the string in these apps will produce no crash.

Some users suggest that going to System Preferences > Language & Text > Text, and unchecking "Correct spelling automatically" and "Use symbol and text substitution" will stop the crashes in some apps.  However, commenters say the apps continue in some programs even after doing that.

One loyal Apple user comments on the bug report:

This is actually a feature. It allows you to shut down all applications before shutting down your Mac:

Crashes Finder if typed into a Finder search field (not Spotlight, though). Crashes Safari if typed into the URL bar. Crashes Mail if typed into the search field. Crashes iTunes when typed into the search field. Crashes system-generated keychain unlock prompts (typed into the "Name:" field) Crashes Reminders if typed into the search field. ...

For now the bug is merely "interesting", but it also represents a potential security flaw.  If malicious users start to use it in forms-based attacks, it could become a major headache for OS X users.

Apple for years marketed its products under the slogan "It just works", but has been plagued with software issues of late.  Some blame Tim Cook, Apple's new CEO who replaced the late Steve Jobs, for the slipping quality.  Apple's iOS maps woes drew a large amount of national news coverage late last year.  Tim Cook publicly apologized to his company's fans for the poor showing.

Our Testing:

We confirmed that the bug crashes both Safari and Searchlight.  For us the Crash Reporter did not come up even:  

Searchlight is about to crash
...about to crash!

The shell/terminal program in OS X appears to be immune to the crashes:

Terminal OS X

We'll update if a patch lands.

Sources: "Jonathan", Open Radar



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

By Strike5150 on 2/5/2013 1:23:32 PM , Rating: 2
The blindingly obvious answer to your silly question is..... dun dun. Programs today are WAAAYYY more complex then assembly. Assembly is tricky and slimy and sometimes hard to understand, but these OO MONSTERS out there are rediculously huge and hard to comprehend in totality. Therefore moar bugs. This for me is the number one issue, ofcourse larger programmer base and number of people working the projects is also to blame.

I've coded on both sides of this equation and assembly/low level c is in many ways more reliable. Once it works it tends to keep on working.




"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki