toggle

AAPL Stock: 100.96 ( -0.83 )

Printed from http://www.macnn.com

Some iOS apps vulnerable to auto-dialing URLs, developer notes

updated 04:48 pm EDT, Mon August 25, 2014

Major apps identified as culprits

A number of iOS apps -- including Facebook Messenger, Gmail, and Google+ -- have a security vulnerability that could allow malicious parties to force an iPhone to auto-dial, observes Romanian developer Andrei Neculaesei. iOS supports a tel:// URI that can make a call automatically, even though developers are allowed to bypass confirmation prompts for the dialer if they want. Through a vulnerable app and the right web code, a person could potentially be tricked into dialing a toll number. A FaceTime variant could let someone capture images of a person before disconnecting.

Neculaesei suggests that the problem lies with developers and not Apple, since documentation explains the situation and identifies how apps can be configured to display warning prompts. "While I only tested on a few apps which are big names, it is safe to assume that the smaller teams and platform haven't even thought about preventing this," he adds.





by MacNN Staff

toggle

Comments

  1. hayesk

    Professional Poster

    Joined: 09-17-99

    I tested this, and it works. This seems like a bad decision on Apple's part. Who needs this capability?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Autodesk Smoke 2015

Since May of this year, Autodesk has been shipping the highly anticipated update to its high-end post-production video editing suite, ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

Narrative Clip

With the advent of social media technology, people have been searching for new ways to share the events of their daily lives -- be it ...

toggle

Most Commented