It's Now Safe to Open Links in iPhone Apps Again After iOS 10.3 Security Fix
While clicking random links on the internet probably isn't the best idea to begin with, now you can rest easy knowing that your iPhone won't repeatedly dial 911 after tapping a malicious link in Twitter, Facebook, or other apps that use iOS's WebView.
The links in question, which have been floating around on the internet since last October, have a malicious code that will dial 911 over and over again without rest. The code was designed by an 18-year-old Arizona man, Meetkumar Hiteshbhai Desai, who shared the malicious link online for others to use. This mischievous "prank" resulted in thousands of accidental emergency calls in a dozen US states, and Desai was charged with four felony counts of computer tampering.
Nothing like a prank that wastes people's time and threatens thousands of lives, am I right? Ugh, youths.
Safari itself wasn't affected by these malicious links, but only apps that used iOS's WebView, which is basically a built-in Safari browser in those apps that use it, like Twitter and Facebook. Directly in Safari, when you tap on one of these links, it asks you for confirmation that you want to call the phone number, but in WebView, this didn't happen, and the call went through right away.
The new iOS 10.3 update that was released earlier this week finally fixed this issue (CVE-2017-2484) by requiring a confirmation to call the phone number that's masquerading as an innocent link, instead of just calling it outright. According to the Wall Street Journal, Apple previously "worked with app developers to fix the vulnerability" before this security patch, but that "this update will now prevent it from happening even on apps that hadn't already fixed the issue."
Also fixed alongside this WebView bug was a Quick Look issue (CVE-2017-2404) that triggered a call when users tapped on a telephone link in a PDF document. Now there's a confirmation prompt for numbers in Quick Look, too. (QuickLook is Apple's built-in document viewer that lets you preview PDFs and documents from Word, Pages, etc.)
The attack on call centers causes concern from more than just users and phone companies; the Department of Homeland Security has been working for two years to prevent these kind of attacks. While no fix has been implemented in 911 call centers yet, trials are underway.
No comments