Recently, a new iOS 11 bug related to the native Camera application was discovered. When the application is used to scan a QR code, it can make us open an unwanted link.
Starting with iOS 11 you can directly use the native Camera application to scan QR codes. By framing one of these codes through the Camera, we will be able to open the web addresses associated with them. Unfortunately, because of this bug in iOS 11, the application could provide us with an incorrect link and let us visit another website.
When the Camera application recognizes the hidden web address in the QR code, it asks the user for permission to visit the website. Through the newly discovered bug, a user received a consent request to visit http://facebook.com but found himself on a company’s private site. This is possible by entering the following code:
https://xxx\@facebook.com:443@infosec.rm-it.de/
where the “xxx” must be replaced with the desired address. In this way, the Camera will request permission for http://facebook.com but will go directly to the site indicated by the user. You can also try this simple QR Code below:
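A defensive check for an app that asks for confirmation before opening a scanned link, as an added example (not code from the original post or from Apple): it derives the destination host with Python's `urllib.parse` and flags the traits visible in the URL above. The function name `audit_scanned_url` and the `shown_host` parameter are assumptions made for this illustration.

```python
from urllib.parse import urlsplit

def audit_scanned_url(url, shown_host=None):
    """Return (destination_host, findings) for a URL decoded from a QR code.

    shown_host (hypothetical parameter) is the hostname the confirmation
    prompt is about to display to the user.
    """
    findings = []
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        findings.append("non-web scheme")

    # RFC 3986: in the authority, everything before the LAST '@' is
    # userinfo. The host is what follows it, and urlsplit applies that rule.
    real_host = parts.hostname or ""
    if "@" in parts.netloc:
        findings.append("userinfo present before host")

    # Parsers disagree on '\': WHATWG URL parsers treat it like '/' for
    # http(s), others keep it as an ordinary character. Either way it has
    # no place in a link a user is asked to approve.
    if "\\" in parts.netloc:
        findings.append("backslash in authority")

    # The prompt must name the host that will actually be contacted.
    if shown_host is not None and shown_host.lower() != real_host:
        findings.append("prompt host differs from destination host")
    return real_host, findings

if __name__ == "__main__":
    # First sample is the URL from the article; the second is constructed.
    samples = [
        (r"https://xxx\@facebook.com:443@infosec.rm-it.de/", "facebook.com"),
        ("https://facebook.com/", "facebook.com"),
    ]
    for url, shown in samples:
        host, findings = audit_scanned_url(url, shown_host=shown)
        verdict = "REJECT" if findings else "ok"
        print(f"{verdict:6} prompt={shown} destination={host} {findings}")
```

A prompt that only proceeds when the findings list is empty never shows one host while opening another.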