As with many previous similar issues, the problem is with Core Text, Apple's technology for drawing text and handling fonts. According to a Mozilla engineer Manish Goregaokar, the issue is caused by how ligatures are handled for some Indic languages. In this case, the source of the bug was the combination of Telegu characters in a certain format, which, while usually not very useful, can actually occur in some alphabets. It's possible that whenever Core Text on iOS (or macOS, or tvOS...) tries to handle this sequence characters, a miscommunication occurs, and the buffer for these glyphs is not allocated, which causes an error, and, eventually, a crash.
While this is may not be as serious of an issue in terms of security, it is a denial of service attack, and can be used to lock Apple users out of apps, and, according to some reports, can even cause boot loops.
So, how do you fix this – other than installing Apple's patch?
If you are using a Mac, one option would be to remove the Telegu font altogether. If you are using a jailbroken iOS device, however, there might be an easier option.
Created by @zackh105, the tweak, which is called NotTodaySatan, will remove all instances of the cursed Unicode runes that it can find – and will work not just on the single character spreading on Twitter right now, but on other similar sequences.
The tweak is being actively worked on right now, and can already boast systemwide blocking on iOS 10 and compatibility with most recent iOS versions.
The tweak is available from BigBoss, and you can download it by following this link.
Header image: @poryfloyd