Icloud stumbles upon last names, locks out users

Since September last year, actress Rachel True has not accessed her Icloud account. Phone calls, chats and emails to Apple support have not led anywhere, so in late February she began writing about the problem on Twitter and the response has been great.

Rachel True could see in crash reports for Icloud that the fault seems to lie in Apple’s code and the handling of her last name (True is not an artist name), a conclusion shared by many developers who have commented on Twitter.

It seems that Apple has not protected the input in the last name field on Icloud so that whatever you write is interpreted as text only, which means that the name “true” is instead interpreted as the value of a Boolean variable (1/0, true / false). Another code then sees that the program tries to give the variable last name a value of a type other than text string, and crashes.

The attention seems to have had an effect, and in one follow-up tweet on Saturday, Rachel True writes that Apple has promised to hear from it early next week.

Several commentators have pointed out the similarity with an old XKCD joke about a parent who names his son “Robert”); DROP TABLE Students; – ”and thus deletes the entire database of students at the son’s school. In Rachel Trues’ case, the problem only leads to a crash, but this type of error is often behind hacks when hackers figure out ways to get a program to run arbitrary code via “incorrectly formatted” entries.