Software Bugs Monthly Digest – July 2021

by Yulia Lomanova | August 4, 2021 7:23 am

Without a doubt, July was a remarkable month for everyone involved in quality assurance, as we witnessed well-known digital brands face all sorts of bugs that also caused nightmares for users. 

With issues in the iOS 14.7 update and a zero followers glitch in TikTok, here is a recap of the latest QA buzz this July.

Journalists, Activists, and Politicians Hacked with iMessage Zero-Click Exploit

The private phones of international public figures have been targeted with spyware that was originally intended to track terrorist activity.

An investigation conducted by 17 media organizations revealed a list of over 50,000 phone numbers of targeted victims, including Arab royal family members, politicians and government officials, journalists, human rights activists, and business executives.

The spy tool in question, Pegasus, was developed by cybersecurity organization NSO Group to help governments conduct criminal investigations. Pegasus can infiltrate smartphones via iMessage and WhatsApp and extract messages and photos, record calls, and secretly activate microphones.

A report from Amnesty International claims that spyware experts studying the matter detected a zero-click attack exploiting vulnerabilities in a fully patched iPhone 12 Pro Max running iOS 14.6. 

What are zero-click hacks? Unlike typical cyberattacks, where a user is tricked into clicking on a malicious URL or downloading an attachment with malware, zero-click hacks exploit loopholes in how the device verifies incoming data to work their way into the system, with no action required from the user.

According to Apple, the existence of tools like Pegasus is not an issue for the majority of iPhone users, as they have a sufficient level of security.

Click here[1] to read the report from Amnesty International.

A TikTok Glitch Left Accounts with Zero Followers

A new glitch hit TikTok in July, leaving users unable to log in, with no followers, and with video view counts reset to zero.

Users also reported issues occurring in the “For You” tab where the same videos repeatedly appeared, even though TikTok’s algorithm should offer a wide range of content.

Building up a following on TikTok, like on any other social media platform, takes a lot of hard work. That’s why when the app tells you to start from scratch, it can be very alarming.

It is not the first time TikTok users have faced such problems. Follower numbers were previously reset to zero in May, and the problem continued for hours before it was finally fixed.

7-Year-Old Linux Bug Gives You Root Access on Most Linux Systems

A new vulnerability in the Linux operating system can grant attackers root access on most distros, such as Fedora, Debian, and Ubuntu. 

Named Sequoia, the new vulnerability was discovered in the Linux filesystem layer, the OS component that interacts with and manages local files.

The Sequoia bug is triggered in the filesystem component when a large directory structure with a path length of more than 1 GB is created, mounted, and deleted, and it enables any low-privileged local account to execute code with root privileges.

This vulnerability won’t allow breaking into Linux distros remotely. However, as soon as attackers have a foothold on any system, they can use the Sequoia bug to hijack the entire OS.

Patches to address this issue were also released in July.

iOS 14.7 Breaks Apple Watch iPhone Feature

Apple has an annoying bug that can affect millions of iPhone owners. The company has confirmed that its latest iOS 14.7 update can break the ability of iPhones to unlock an Apple Watch.

The support document confirms that “when you have Unlock with iPhone turned on, unlocking your iPhone unlocks your Apple Watch as long as you are wearing it. An issue in iOS 14.7 affects the ability of iPhone models with Touch ID to unlock Apple Watch.”

Now, to get access, regular consumers will have to revert to typing the passcode on their Apple Watch every time they put it on. If you have forgotten your passcode, you’ll need to reset your Apple Watch. Enterprise users will have to unpair, erase, and set up their Apple Watches again.

The company says it will address the issue in an upcoming software update.

Click here[2] to read the support document. 

Call Of Duty: Warzone Load-out Feature Removed after Causing Bugs

Call of Duty: Warzone’s handy new load-out feature was disabled after it caused several bugs and exploits.

The update that allowed players to edit their load-outs in the pre-game lobby also brought numerous game-changing exploits along with it. For instance, players could spawn into a game with their load-outs already equipped, get infinite Dead Silence, and get access to Weapon Blueprints and camos.

After the exploits were reported, the new feature was disabled. However, the solution left players frustrated as they can no longer edit their classes during multiplayer matches.

Raven Software confirmed that they would re-enable this feature later – as soon as they figure out how to prevent the glitch.

Endnotes:
  1. here: https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
  2. here: https://support.apple.com/en-us/HT212615

Source URL: https://blog.qatestlab.com/2021/08/04/software-bugs-monthly-digest-july-2021/