There is a video circulating online that when played once can temporarily stop your iPhone or iPad from working. The only way to get affected devices working again is to run a hard reset to bring them back to life.
The video consists of a seemingly innocuous .mp4 clip. It shows someone standing by a bed with the words 'Honey' written across the screen. It seems to have originated from the Sina Weibo-backed video-sharing app Miaopai. It is now being distributed through social networks, forums and elsewhere.
What happens when you play the clip is that your iPhone will continue to work normally for a minute or two, before becoming increasingly sluggish until it eventually stops working. The problem seems to impact all current iPhones back to iOS 5.
So, what’s happening? The video is evidently corrupt and stuck in some kind of unresolvable loop. To oversimplify what happens, this means that when you quit playback your iPhone continues to try to grapple with the loop, which eats more and more system memory until the device crashes. This is because the video exploits a flaw in iOS memory management on the device. Apple faces continued problems with memory leaks in browsers. The good news is that this is not a tough problem to resolve.
What to do if you watch the clip
If you’ve watched the clip and your device stops working, try a hard reboot.
On the iPhone 7: Tap and hold the power and volume decrease buttons at the same time until the Apple logo appears (more here).
On other iOS devices: Tap and hold the power and Home buttons at the same time until the Apple logo appears.
When the logo appears let go of the buttons and your device should restart normally.
While it seems easy enough to resolve the problem that is created when you play the clip, it’s probably best to avoid it. We don’t really know where the clip came from or why it crashes iOS, or if there is something more malicious behind all of this. Apple will soon introduce a software patch for the problem, but until then iOS users should avoid clicking on .mp4 video links if they don’t know what the clip is or where it came from. (No matter which platform you use it’s usually best not to click on a link unless you know where it came from).
Don’t be complacent
Apple’s platforms are highly secure, but events like this illustrate that no one on any platform should ever be complacent about device security.
The inconvenient truth is that as governments across the world begin to insist that mobile devices be rendered insecure by design through the forced inclusion of back doors to enable warrantless state surveillance of our devices, problems like these are only going to grow in scale. Once such back doors do exist you can guarantee the bad guys will find and use them.
That’s why it makes sense to use encrypted communication systems, private browsing tools such as private browsing in Safari or Firefox Focus, tough password protection and VPN services, such as Nord VPN.
It’s also potentially time banks spoke with Apple and others offering biometric protection in order to develop completely secure protections around mobile banking. (Think about using TouchID on a MacBook Pro to authorize an online banking transaction – which would have the effect of leaving your actual account and password details protected from any network surveillance).
Even with those kinds of protections in play, this new video playback flaw would still have impacted some users. All the same, its sudden appearance underlines the random nature of risk in the connected age, protection against which demands we adopt a 24/7 security-conscious approach to mobile device usage.
As overall secuity is diminished by design, then random attacks will become the mobile reality.
Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?
Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.