While Apple’s iOS mobile operating system is generally considered safe from attackers, a new exploit utilizing vCards is impacting iPhone owners running iOS versions 8-10.
The iOS vCard exploit involves complex Address Book contacts being sent via the Messages app. When a user tries to open the vCard, the app crashes—which is, unfortunately, a repeating event; as the app is designed to revert itself back to the previous task when re-opened, thereby causing it to crash once again.
Discovered by software dev Vincedes3, those hit by the iOS vCard exploit are not completely without recourse to recover Messages. Impacted users can visit this link via Safari to open a send a new message window, delete this, and then remove the infected vCard-containing text from the Messages app. Siri can also be used to send a message to yourself, which moves the infected message down the list, enabling the Messages app to open correctly once again—at which point, the vCard can be removed.
For the most part, iOS users are quite fortunate—things like this don’t happen all too often. The last major exploit to impact the Messages app occurred back in 2015; in this case, Siri was also considered a good workaround.
Apple hasn’t yet released an update to iOS 10 to fix this vCard exploit; though, given their usually quick turnaround on matters like this, expect one in the next few days. In the meantime, ignore any vCard attachments in text or iMessages this holiday weekend.