Print 49 comment(s) - last by spaced_.. on Feb 12 at 3:50 AM

"It just works." --Apple

While Microsoft Corp. (MSFT) has received much admonishment for its various Windows bugs over the years, it is a dramatic new bug from the brash challenger of the the operating system world, Apple, Inc.'s (AAPL) OS X Mountain Lion (10.8.2), which has people talking.  The bug is startling simple, but it can crash almost any OS X app.  All you have to do is type a word and a few characters.

I. Universal Crashes

The forbidden word is "File:///" (case sensitive).  Type that in virtual any text input form (be it a notepad, a browser dialogue, a document editor, a calendar appointment, etc.) and the program will die.  It appears that similar strings ("fILE:///" or "FILE://aa") can also trigger program crahes.  In a bizarre twist, some crashes appear to be dependent on how fast you type certain variants (e.g. "File://" followed by characters).  An Open Radar user named "Jonathan" shares a movie he made documenting that bizarre behavior here.

Among the programs confirmed to be infected are Tweetbot, Safari, Chrome, and TextEdit.  The program appears to be tied somehow to some sort of deep-rooted API embedded into OS X (it appears not to be the spell-check API as the Safari location bar has no spell check, but is still affected).

In a particularly hilarious (or awful) failure, typing the problem string into Apple's Crash Reporter UI crashes the Crash Reporter.

Mountain Lion
Mountain Lion has a big bug. [Image Source: HD Wallpapers]

The bug does not affect OS X Lion (10.7) or Snow Leopard (10.6).

II. A Partial Fix?

A handful of apps, such as the image-editor Gimp, appear to be immune, perhaps because they disable whatever the trouble-making interface is.  Typing the string in these apps will produce no crash.

Some users suggest that going to System Preferences > Language & Text > Text, and unchecking "Correct spelling automatically" and "Use symbol and text substitution" will stop the crashes in some apps.  However, commenters say the apps continue in some programs even after doing that.

One loyal Apple user comments on the bug report:

This is actually a feature. It allows you to shut down all applications before shutting down your Mac:

Crashes Finder if typed into a Finder search field (not Spotlight, though). Crashes Safari if typed into the URL bar. Crashes Mail if typed into the search field. Crashes iTunes when typed into the search field. Crashes system-generated keychain unlock prompts (typed into the "Name:" field) Crashes Reminders if typed into the search field. ...

For now the bug is merely "interesting", but it also represents a potential security flaw.  If malicious users start to use it in forms-based attacks, it could become a major headache for OS X users.

Apple for years marketed its products under the slogan "It just works", but has been plagued with software issues of late.  Some blame Tim Cook, Apple's new CEO who replaced the late Steve Jobs, for the slipping quality.  Apple's iOS maps woes drew a large amount of national news coverage late last year.  Tim Cook publicly apologized to his company's fans for the poor showing.

Our Testing:

We confirmed that the bug crashes both Safari and Searchlight.  For us the Crash Reporter did not come up even:  

Searchlight is about to crash
...about to crash!

The shell/terminal program in OS X appears to be immune to the crashes:

Terminal OS X

We'll update if a patch lands.

Sources: "Jonathan", Open Radar

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Master Kenobi on 2/5/2013 5:48:10 PM , Rating: 2
It's a problem that requires you to be "creative" as you won't find code examples that do EXACTLY what the FizzBuzz test asks in any textbook. You might find ones that can tell you if W is a multiple of X or Y, but it won't get them to the W is a multiple of Z without tripping X or Y (X and Y are both multiples of Z).

The simple solution that most programmers out of school can't comprehend is to do the problem in reverse (The problem is deliberately given so that you ask to check for X then Y then Z). Check for it being a multiple of Z then X then Y (X and Y check order is of no consequence usually) and print the appropriate response to screen.

Writing code isn't hard, solving a real problem using programatic logic is. A basic grasp of mathematics is also required for this particular question and if you don't have that you can get out of IT/Programming now and save yourself a whole lot of embarassment.

RE: And that is why you sanitize your text input
By mik123 on 2/5/2013 8:56:05 PM , Rating: 2
I don't know which textbooks you're talking about, the one I use has plenty of challenging problems.
Last fall I took the very first 'introduction to programming' class for freshmen. On the exam, we had to code a particular method to find prime numbers within a range. Same type problem as "FizzBuzz", but a lot more complicated.
This quarter we're doing text processing exercises which strain my brain even more.

I just don't understand how could one get through freshman year in CS if he struggles with such trivial problems. If they require one to be "creative" then what I'm solving right now requires one to be "genius" (and I'm definitely not a genius, lol).

By Master Kenobi on 2/6/2013 12:00:09 AM , Rating: 2
On the exam, we had to code a particular method to find prime numbers within a range. Same type problem as "FizzBuzz", but a lot more complicated.

If you're having problems generating prime numbers in a range it isn't your programming that has a problem it is your mathematics. Prime numbers are easy to generate, the tricky part is doing it without a huge performance hit once you move into the really stupidly high number ranges. Again, there are formulas that can be implemented to handle it quite easily. If you aren't familiar with the Euler challenges for Python, I encourage you to look into it.

This quarter we're doing text processing exercises which strain my brain even more.

Not to rain on your parade here but text processing is extremely simplistic. I'm not sure why it remains one of the largest areas of weakness for programmers, but I'm betting it's because most of them stick with the C/C++ style disciplines and never move into areas like PL/SQL and other database types where processing huge amounts of text and other data is standard fare. The really good database programmers can write systems that chunk through terabytes of data like it's nothing.

As for what you are doing right now, it simply requires you to be better in mathematics and pattern analysis, the coding part is ALWAYS the easiest part of programming.

Personal disclaimer: I can't stand anyone writing code in "academia". Most Professors in college within the Computer Science field of study are no talent hacks that couldn't cut it in the real world. Academics produce code that is usually very neat to read, yet sets records for how slow, inefficient and unscalable software can be. I've not hired anyone fresh out of college in years and prefer not to. Experience in the field and the results of past projects/contracts speaks volumes.

By mik123 on 2/7/2013 1:44:55 PM , Rating: 2
For that particular problem with prime numbers we were given the exact algorithm how to do it (Sieve of Eratosthenes). The task was to implement it in C++. For me it was somewhat challenging, perhaps because I'm not yet used to thinking like a programmer. But even to someone as new as I am, the FizzBuzz problem looks almost trivial.

Thanks for the Project Euler suggestion, it's interesting - some problems look really easy, others I don't even know where to start. That site will keep me occupied for a while!

I don't understand your frustration with academia. Professors' job is to teach and direct research, not to crank out highly polished code. Academia provides an environment to investigate new ideas. Besides, computer scientist != software developer != good teacher. I think we need all 3 types of people.

"Folks that want porn can buy an Android phone." -- Steve Jobs

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Yahoo Hacked - Change Your Passwords and Security Info ASAP!
September 23, 2016, 5:45 AM
A is for Apples
September 23, 2016, 5:32 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki