Detecting vulnerabilities in the QR code reader tool of iOS 11 may trick users into accessing malicious websites
Infosec page discovered a security flaw in the QR code reader tool of iOS 11 Camera app that could cause users to be tricked into accessing malicious websites without their knowledge.
Since iOS 11, to read QR codes, users only need to use the Camera app and not install their own software like before. Even, users can access the website if the QR code is embedded with the website address. But an error occurred on this QR tool, which can cause users to be tricked into accessing other websites with the displayed address.
Infosec has experimented with the Camera app on iOS 11.2.1, with the QR code below you will get asked to access facebook.com, but in fact it leads users to the Infosec website. This shows that the tool for reading QR codes in iOS 11 Camera app is easily tricked.
The bug was discovered by Infosec at the end of last year, and they reported this error to Apple on December 23, 2017, but so far despite a lot of iOS update versions have been released, it has not been fixed yet.
See more:
- New dangerous security vulnerabilities appear on iOS 11.2.6, can read messages without unlocking
- The former Apple engineer claims to be able to unlock all iPhones for $ 15,000
- The most prominent new features in iOS 11.3
You should read it
- GitHub's machine learning tool can detect vulnerabilities in code
- What is Low-Code? And how does it work?
- The researcher released code that exploits the iOS Kernel vulnerability
- What is QR code?
- Microsoft fixes a serious vulnerability that has existed for 17 years in Windows Server
- Immediately patch CWP vulnerability that allows code execution as root on Linux servers
- Hundreds of HP printer models contain vulnerabilities that allow remote code execution attacks
- How to read UPC bar codes to identify US, Japanese or Chinese goods
- Find bug in Emotet malware, prevent it from spreading for 6 months
- Discovered a new zero-day vulnerability on macOS that allows attackers to run commands remotely
- Warning: Vulnerability in Windows' HTTP Protocol Stack attacks remote code execution, no authentication required
- Microsoft Teams' new Reading Progress tool improves student reading and saves teachers time
Maybe you are interested
How to Fix RCS Not Working on iOS 18
Here are all the new features coming to Apple CarPlay on iOS 18
How to View Recalled Messages on Messenger on PC, Android, iOS
AMD Ryzen Users Should Install This BIOS Update for a Free Performance Boost
How to run iOS emulator on PC quickly and simply
How to use new features in Apple Maps on iOS 18