Detecting vulnerabilities in the QR code reader tool of iOS 11 may trick users into accessing malicious websites

Infosec page discovered a security flaw in the QR code reader tool of iOS 11 Camera app that could cause users to be tricked into accessing malicious websites without their knowledge.

Since iOS 11, to read QR codes, users only need to use the Camera app and not install their own software like before. Even, users can access the website if the QR code is embedded with the website address. But an error occurred on this QR tool, which can cause users to be tricked into accessing other websites with the displayed address.

Detecting vulnerabilities in the QR code reader tool of iOS 11 may trick users into accessing malicious websites Picture 1

Infosec has experimented with the Camera app on iOS 11.2.1, with the QR code below you will get asked to access facebook.com, but in fact it leads users to the Infosec website. This shows that the tool for reading QR codes in iOS 11 Camera app is easily tricked.

Detecting vulnerabilities in the QR code reader tool of iOS 11 may trick users into accessing malicious websites Picture 2

The bug was discovered by Infosec at the end of last year, and they reported this error to Apple on December 23, 2017, but so far despite a lot of iOS update versions have been released, it has not been fixed yet.

See more:

New dangerous security vulnerabilities appear on iOS 11.2.6, can read messages without unlocking
The former Apple engineer claims to be able to unlock all iPhones for $ 15,000
The most prominent new features in iOS 11.3