Apple’s iMessage system is being exploited by a supposed AppleScript that has the potential to flood up a user’s account and crash the service. A report by The Next Web says the denial of service lock up is being targeted at a group of small developers right now, but paints a larger potential to reach a wider userbase.
Right now, the incident seems confined to the jailbreak community (any device, jailbroken or otherwise, can be a target). The AppleScript, as demonstrated by app developer iH8sn0w, is capable of flooding a person’s iMessage account so severely that the app could crash. Or, at the very least, messages could come so frequently that it would make the experience very limited because of the amount of notifications.
“What’s happening is a simple flood: Apple doesn’t seem to limit how fast messages can be sent, so the attacker is able to send thousands of messages very quickly,” said iOS developer Grant Paul. Paul also explains that users can send complex message using unicode characters to crash the app to crash and unable to reopen.
While this issue is so far only confined to a small number of users, the potential to be used more widely is there. Right now, there’s no way to block a specific iMessage sender, so if someone knows your account info, you’re open to attack. Of course, you can disable your iMessage number and handle, but that’s not exactly the solution people will be ok with in the long run.