iOS 11 Bug Lets Camera QR Code Reader Redirect Users to Malicious Websites: Report

iOS 11 Bug Lets Camera QR Code Reader Redirect Users to Malicious Websites: Report
Highlights
  • The bug arises as a miscommunication between camera app and Safari
  • URL in notification preview can be different from actual link
  • The vulnerability was reported to Apple in December last year
Advertisement

Another day, another iOS bug discovery. The stock Camera app on iOS 11 was recently updated to automatically detect QR codes and show link previews in case the QR code contains a URL. However, reports have surfaced online that suggest this feature has an apparent bug that can allow people to change the actual URL that is redirected on clicking the link shown in the notification preview.

A report by InfoSec details the new bug that involves creating an unsuspecting hostname such as facebook.com or google.com in the notification preview, while adding a different URL for when it redirects in Safari. For instance, the report uses facebook.com as the front and the actual URL is https://xxx\@facebook.com:443@infosec.rm-it.de/. Scanning the custom QR code will display facebook.com in the notification but clicking on it will open a website not linked with the social media giant. This is said to be because "The URL parser of the camera app has a problem here detecting the hostname in this URL in the same way as Safari does."

This, in turn, is said to cause a miscommunication between the camera app and Safari leading to an evidently major bug. The report claims that Apple was first informed about the bug back on December 23 last year, but as of writing this, the bug has not yet been taken down.

This is not the first instance when iOS 11 has been caught up in a major UI bug incident. Just recently, a privacy vulnerability hit the mobile operating system using which Siri could read out loud notifications from the lock screen, even those that were hidden behind a passcode or biometric verification. Apple has since responded and promised a fix in an upcoming software update.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: QR Codes, iPhone, iPad, Mobiles, Tablets, Apple, Safari, iOS, iOS 11
Bluetooth Is Getting Better but Wireless Audio Still Has a Long Way to Go
Apple, IBM Chiefs Call for More Data Oversight After Facebook Breach
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News
 
 

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »