Posted on 26 August 2014.
. http://www.net-security.org/images/articles/iphone_chain.jpgFacebook will soon be pushing out an update to its iOS Messenger app meant to patch a vulnerability that could allow attackers to place pricy calls from users' phones by simply making them click on a web link.
The flaw has been recently discovered by developer Andrei Neculaesei from Copenhagen, and can be triggered by using the tel URL scheme.
"The tel URL scheme is used to launch the Phone app on iOS devices and initiate dialing of the specified phone number," it is explained in an Apple document.
"When a user taps a telephone link in a webpage, iOS displays an alert asking if the user really wants to dial the phone number and initiates dialing if the user accepts. When a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user."
Full Article
Facebook to fix flaw that can force iPhones to make calls
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.