Although it is probably the best-maintained firmware for mobile devices, the iOS system has a “tradition” of exposing a bug every few years with some of the most serious consequences, starting with the blocking of an app, or the device as a whole.
Two years ago we learned about the Telugu bug, where you could lock anyone’s iPhone by sending messages containing two special characters. Pulled almost to a fault, the new iOS 16 bug is also triggered by the inclusion of special characters, only this time only the Mail app is left unusable, the device remains in working order.
Discovered by accident, the bug was first triggered when receiving SPAM messages from China, notorious for the way poorly crafted translations leave behind all sorts of wording containing unintelligible characters. This time the problem appeared right in the sender mention field, wording like [email protected] retaining symbols most likely mistakenly taken from a previously prepared address list. This is why the SPAM came with sender addresses such as “sender”@example.com.
Normally, such a mistake triggers at most one error message when trying to reply to that message. No more leaving the email client in a recurring crash state, where the application crashes as soon as it is started.
As this is a pre-installed app with iOS 16, the issue can manifest itself on all devices updated to that firmware version, any new email message received may block further access to the Inbox.
Dubbed Mailjack, the as-yet undocumented attack as being used with intent can be exploited up to the latest iPadOS 16.1 beta release, with Apple left to fix the discovered bug in a future update. In the meantime, iPhone and iPad users can use alternatives such as Gmail, Outlook or Hotmail, which already include a feature to correct misspelled email addresses.