In a bizarre case of what appears to be Chinese censorship gone wrong, Apple introduced a bug in iOS that could cause an app to crash if a user received the Taiwan flag emoji and had their region set to China. This would allow remote users to essentially perform a denial-of-service on a receiving messaging application by constantly sending the emoji.
According to a blog post by security researcher Patrick Wardle, he discovered this bug when a friend told him that iOS apps would crash when she typed the word "Taiwan" or received a message with the Taiwanese flag.
"She claimed that any time she typed the word Taiwan or worse, received a message with a Taiwanese flag (🇹🇼) it would crash the application on her (fully patched) iOS device," stated Wardle in an Objective-see.com blog post.
Up for a challenge, he decided to debug the crash and determine what was wrong.
When Wardle debugged the crash on his friend's iPhone 7, he discovered that a particular function related to emoji processing was returning NULL, which would cause the querying app to crash. For those who are interested in the technical aspects of how he debugged this crash, I strongly suggest you visit his blog and read his detailed approach to this problem.
As a byproduct of performing this analysis, Wardle also discovered that iOS would strip out the Taiwanese flag emoji from received messages if a user has their region set to China. This may be done by Apple at the request of China, which does not acknowledge Taiwan as its own country. If this is the case, then Apple is purposely putting China's political interests above their own customers.
The way this censorship works is if an iOS user has their region set to China and they receive a message that contains a Taiwanese flag, iOS will strip it and show a missing symbol image. You can see an example of this below where my rightfully confused wife sent me a Taiwanese flag emoji at my request.
Apple also went one step further and completely eliminated the Taiwanese flag emoji from the emoji list if your region is set to China. Notice how you can see the Taiwanese flag if you are in the USA region, but not so much when set to China.
While Wardle ultimately found the source of the bug, he is not really sure why his friend was having this problem as her region was set to USA. For her, a fix was simply to toggle the region to China and then back again to USA.
The good news is that Apple fixed this bug in iOS 11.4.1 and even thanked Patrick Wardle for finding the bug.
Emoji
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: Processing an emoji under certain configurations may lead to a denial of service
Description: A denial of service issue was addressed with improved memory handling.
CVE-2018-4290: Patrick Wardle of Digita Security
The bad news is that the censorship is still occurring.
BleepingComputer has reached out to Apple for comment regarding the stripping of emojis, but has not heard back at the time of this publication.