iOS 11 Vulnerability in Camera App’s QR Code Reader Could Send Users to Malicious Websites

A vulnerability in the QR code reader built into the iOS 11 Camera app could direct users to a malicious website without their knowledge.

iOS 11 added a feature to the Camera app that lets users point their iPhone's camera at a QR code; the app then reads and acts upon the instructions embedded in the code. This can include an embedded URL. iOS first asks the user to confirm whether they want to visit the website.

However, a flaw in the app can allow the QR code to send you to a different URL than the one displayed in that confirmation.

Infosec demonstrates how it works:

If you scan [the QR code below] with the iOS (11.2.1) camera app, it will show this notification:

Open “facebook.com” in Safari

But if you tap it to open the site, it will instead open https://infosec.rm-it.de/

The website demonstrates how it all works, by providing a QR code that appears to be sending you to Facebook.com, but instead sends you to a benign URL set up by Infosec for the purpose of demonstrating the flaw. You can try it here.

The flaw can be exploited by crafting the URL in the following manner:

https://xxx\@facebook.com:443@infosec.rm-it.de/

When the URL is crafted in this manner, the first host (facebook.com) is the one displayed by the iOS 11 Camera app QR Code Reader, but the second (infosec.rm-it.de) is the one that you’re taken to.
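
For developers who build their own QR scanners or link previews, here is a check that shows the host a URL really resolves to and refuses anything carrying a decoy in front of it. This is an added example, not code from Infosec or Apple. The function names are hypothetical, Python's urllib.parse stands in for a standards-style URL parser, and BENIGN is a constructed sample.

```python
import re
from urllib.parse import urlsplit

# Matches text that looks like a DNS name (used to spot a decoy in userinfo).
HOSTLIKE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", re.I)

def inspect_scanned_url(url):
    """Return the host a URL really points at, plus reasons to distrust it."""
    parts = urlsplit(url)
    authority = parts.netloc
    # RFC 3986: userinfo is everything before the LAST '@' in the authority.
    userinfo, at, _ = authority.rpartition("@")
    warnings = []
    if parts.scheme not in ("http", "https"):
        warnings.append("non-web scheme")
    if at:
        warnings.append("userinfo present")
        decoy = HOSTLIKE.search(userinfo)
        if decoy:
            warnings.append("userinfo contains host-like text: " + decoy.group(0))
    if "\\" in authority:
        # A backslash in the authority is a common source of parser disagreement.
        warnings.append("backslash in authority")
    return {"host": parts.hostname, "warnings": warnings}

def confirmation_prompt(url):
    """Build the prompt a scanner should show: the real host, or a refusal."""
    info = inspect_scanned_url(url)
    if info["warnings"] or not info["host"]:
        reasons = "; ".join(info["warnings"]) or "no host"
        return "Blocked (%s): %s" % (info["host"], reasons)
    return 'Open "%s" in browser' % info["host"]

# The URL quoted in the article, plus a constructed benign one for comparison.
CRAFTED = "https://xxx\\@facebook.com:443@infosec.rm-it.de/"
BENIGN = "https://example.com/path"  # constructed sample

if __name__ == "__main__":
    for u in (CRAFTED, BENIGN):
        print(u, "->", confirmation_prompt(u))
```

The prompt is built from the same parse result that decides the destination, so the displayed host and the visited host cannot diverge.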

Infosec says the flaw was reported to Apple on December 23, 2017, but still hasn’t been fixed. We’ll keep you posted.

(Via 9to5Mac)

 
