iOS 11 Bug Lets Camera QR Code Reader Redirect Users to Malicious Websites: Report

Advertisement
By Ankit Chawla | Updated: 26 March 2018 18:20 IST
Highlights
  • The bug arises as a miscommunication between camera app and Safari
  • URL in notification preview can be different from actual link
  • The vulnerability was reported to Apple in December last year

Another day, another iOS bug discovery. The stock Camera app on iOS 11 was recently updated to automatically detect QR codes and show link previews in case the QR code contains a URL. However, reports have surfaced online that suggest this feature has an apparent bug that can allow people to change the actual URL that is redirected on clicking the link shown in the notification preview.

A report by InfoSec details the new bug that involves creating an unsuspecting hostname such as facebook.com or google.com in the notification preview, while adding a different URL for when it redirects in Safari. For instance, the report uses facebook.com as the front and the actual URL is https://xxx\@facebook.com:443@infosec.rm-it.de/. Scanning the custom QR code will display facebook.com in the notification but clicking on it will open a website not linked with the social media giant. This is said to be because "The URL parser of the camera app has a problem here detecting the hostname in this URL in the same way as Safari does."

Advertisement

This, in turn, is said to cause a miscommunication between the camera app and Safari leading to an evidently major bug. The report claims that Apple was first informed about the bug back on December 23 last year, but as of writing this, the bug has not yet been taken down.

This is not the first instance when iOS 11 has been caught up in a major UI bug incident. Just recently, a privacy vulnerability hit the mobile operating system using which Siri could read out loud notifications from the lock screen, even those that were hidden behind a passcode or biometric verification. Apple has since responded and promised a fix in an upcoming software update.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: QR Codes, iPhone, iPad, Mobiles, Tablets, Apple, Safari, iOS, iOS 11
Advertisement

Related Stories

Popular Mobile Brands
  1. Moto G77 Power Listing Confirms Key Specifications Before July 8 Debut
  2. Vivo Y500 4G Makes Global Debut With an 8,100mAh Battery: See Price
  3. Samsung Galaxy Z Fold 8 Series Could Ship With This Notable Display Upgrade
  4. Top ACs from Carrier, Voltas and More Brands During Amazon's Prime Day Sale
  1. Apple Brings Back Card Payments for App Store and iCloud Transactions in India After Five Years
  2. Samsung Galaxy Z Fold 8 Series Tipped to Launch With a New Hinge to Minimise Display Crease
  3. Huawei Mate X8 Display, Camera Details Leaked Online; Mate XT 2 and Mate X8 Said to Launch With Kirin Processor
  4. Redmi Said to Be Working on 7-Inch 'Performance' Smartphone
  5. Bitcoin Trades Near Two-Week High as Crypto Investor Sentiment Improves
  6. iOS 27 System Prompt Reportedly Hints at Apple’s New Smart Wearable With Two Cameras
  7. Xiaomi Civi Series Discontinued With No Next-Generation Model Planned, Claims Tipster
  8. Apple’s Foldable iPhone to Hit Shelves Later Than Anticipated Due to ‘Manufacturing Challenges’, Analyst Claims
  9. Samsung Galaxy F70 Pro Bluetooth SIG Listing Suggests Its Launch Might Be Right Around the Corner
  10. iPhone Air 2 Design Leaked in New Renders That Point to Dual 48-Megapixel Cameras
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.