
iOS 11 Vulnerability in Camera App’s QR Code Reader Could Send Users to Malicious Websites


A vulnerability in the QR code reader built into the iOS 11 Camera app could direct users to a malicious website without their knowledge.


iOS 11 added a feature to the Camera app that allows users to point their iPhone's camera at a QR code; the app then loads and acts upon the instructions embedded in the code, which can include a URL. iOS first asks the user to confirm whether they want to visit the website.

However, the flaw in the app can allow the QR code to actually send you to a different URL than the one that’s being displayed.

Infosec demonstrates how it works:

If you scan [the QR code below] with the iOS (11.2.1) camera app, it will show this notification:

Open “facebook.com” in Safari

But if you tap it to open the site, it will instead open https://infosec.rm-it.de/

The website demonstrates how it all works, by providing a QR code that appears to be sending you to Facebook.com, but instead sends you to a benign URL set up by Infosec for the purpose of demonstrating the flaw. You can try it here.

The flaw can be exploited by crafting the URL in the following manner:

https://xxx\@facebook.com:443@infosec.rm-it.de/

When crafted in this manner, the first hostname (facebook.com) is the one displayed by the iOS 11 Camera app QR Code Reader, but the second (infosec.rm-it.de) is the one that you’re taken to.
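The mismatch can be checked for before a scanned URL is previewed. The sketch below is an added example, not code from Infosec or Apple: `naive_display_host` is a hypothetical model of a preview that ends the userinfo at the first `@` (an assumption about the cause), compared against the host Python's `urlsplit` resolves.

```python
from urllib.parse import urlsplit

# URL from the article; the backslash is a literal character in the QR payload.
SAMPLE = r"https://xxx\@facebook.com:443@infosec.rm-it.de/"


def naive_display_host(url):
    """Hypothetical preview logic (assumption): userinfo ends at the FIRST '@'."""
    authority = url.partition("://")[2].split("/", 1)[0]
    if "@" in authority:
        authority = authority.split("@", 1)[1]
    return authority.split(":", 1)[0].lower()


def navigation_host(url):
    """Host the request goes to: urlsplit ends userinfo at the LAST '@'."""
    return (urlsplit(url).hostname or "").lower()


def audit_qr_url(url):
    """Return the real destination plus reasons not to trust a host-only preview."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        findings.append("non-web scheme")
    if "@" in parts.netloc:
        findings.append("userinfo in authority")
    if "\\" in url:
        findings.append("backslash in URL")
    shown, real = naive_display_host(url), navigation_host(url)
    if shown != real:
        findings.append(f"preview host {shown} != destination host {real}")
    return {"destination": real, "findings": findings}


if __name__ == "__main__":
    for candidate in (SAMPLE, "https://www.facebook.com/"):
        print(candidate, audit_qr_url(candidate))
```

A scanner that shows `destination` rather than its own guess at the host, and warns whenever `findings` is non-empty, would not display facebook.com for this payload.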

Infosec says the flaw was reported to Apple on December 23, 2017, but still hasn’t been fixed. We’ll keep you posted.

(Via 9to5Mac)

 
