iOS WebView Bug Forces iPhones To Call 911; iOS 10 Fixes? [VIDEO]

It appears that iOS 10 does not have the necessary fixes, even though security researcher Collin R. Mulliner discovered a similar bug back in 2008. The 2008 bug affected the Safari mobile browser, which led to fixes in iOS 3. However, the fix only applied to Apple's Safari.

Last month, teen Meetkumar Hiteshbhai was arrested on three counts of Felony Computer Tampering after sending out a link on Twitter. This link contained an exploit designed to force people's phones to dial 911 repeatedly. Researchers have identified the cause.

After learning of the arrest, Mulliner could not believe the bug resurfaced and began investigating. He looked into the iOS Twitter and LinkedIn apps and was able to get a simple auto phone dialer working in a short amount of time. However, further investigation revealed Hiteshbhai's exploit uses a different trigger.

According to Mulliner's blog, Hiteshbhai heavily used JavaScript to leverage iPhones to redial specific numbers. However, exactly how the teen did it will not be revealed for security reasons.

The issue lies within WebView itself. Its components mishandle telephone links, or TEL URIs, embedded in web pages. The phone automatically dials the number if the link is clicked in WebView. Attackers can set any number of their choosing and make people's phones dial it. These links may appear innocent, but users are urged to be wary, Bleeping Computer reported.

Apple's fix for Safari makes the browser confirm via a pop-up whether the user wants to make the call. However, Twitter and LinkedIn have yet to address the issue, at least publicly.
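An app that embeds a web view can apply the same kind of confirmation itself. The sketch below is an added example, not code from Apple, Twitter, LinkedIn or Mulliner; it assumes the app renders links in a WKWebView, and the class name `TelConfirmingDelegate` is hypothetical.

```swift
import UIKit
import WebKit

// Added example (hypothetical class): a navigation delegate that never lets
// the web view act on a tel: link without an explicit user confirmation.
final class TelConfirmingDelegate: NSObject, WKNavigationDelegate {
    // View controller used to show the confirmation pop-up.
    private weak var presenter: UIViewController?

    init(presenter: UIViewController) {
        self.presenter = presenter
    }

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              url.scheme?.lowercased() == "tel" else {
            decisionHandler(.allow)      // ordinary web navigation
            return
        }
        // Always cancel inside the web view; the app decides what happens next.
        decisionHandler(.cancel)

        // Navigations that WebKit does not report as an activated link
        // (for example a redirect) are dropped without a prompt.
        guard navigationAction.navigationType == .linkActivated else { return }

        // Show the exact number so the user sees what would be dialed.
        let number = String(url.absoluteString.dropFirst("tel:".count))
        let alert = UIAlertController(title: "Call \(number)?",
                                      message: "This number comes from a web page.",
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            // Hand the URL to the system only after the user agreed.
            UIApplication.shared.open(url, options: [:], completionHandler: nil)
        })
        presenter?.present(alert, animated: true)
    }
}
```

The app would assign an instance to the web view's `navigationDelegate` and keep a strong reference to it, since that property is weak.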

Apple fixed the problem in Safari with iOS 3, Gizmodo reported. That being said, consumers are not mistaken to expect a patch in iOS 10 or a future version that fixes the problem. iOS 10 is Apple's current mobile operating system, and the next version will come out sometime next year.

© 2024 University Herald, All rights reserved. Do not reproduce without permission.