iOS WebView Bug Can Force iPhones To Make Calls While UI Freezes (bleepingcomputer.com) 22

An anonymous reader writes: "A bug in the iOS WebView component allows an attacker to force someone's iPhone to dial any number, while also locking the user's interface for a few moments, preventing him from canceling the outgoing call," reports BleepingComputer. "The bug was at the heart of the recent accidental DDoS of 911 call centers across the U.S." At the heart of the issue is a Safari bug reported in 2008, which was fixed in iOS 3.0. The same bug also exists in the WebView component used by app makers to show web pages inside other apps. The researcher that found the bug writes in a blog post: "If you think automatically dialing a phone number after clicking a link in an app is not a big issue think again. DoSing 911 is pretty terrible but there are other examples such as expensive 900 numbers where the attacker can actually make money. A stalker can make his victim dial his phone number so he gets his victim's number. Altogether things you don't want to happen. [...] Apple should change the default behavior of WebViews to exclude execution of TEL URIs and make it an explicit feature to avoid this kind of issue in the future."
This discussion has been archived. No new comments can be posted.
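An app can apply the researcher's recommendation itself by refusing to let page content trigger TEL URIs inside its web view. The following is an added example, not code from the article or the researcher's post; it assumes the app embeds `WKWebView`, and the names `TelGuardNavigationDelegate`, `inlineSchemes`, `presenter` and `confirmCall` are hypothetical.

```swift
import UIKit
import WebKit

/// Navigation policy for an in-app WKWebView (assumed setup, hypothetical names):
/// only web content loads inside the view, and a tel: link never dials by itself.
final class TelGuardNavigationDelegate: NSObject, WKNavigationDelegate {
    // Schemes the embedded page may navigate to inside the web view.
    private let inlineSchemes: Set<String> = ["https", "http", "about"]
    // View controller that hosts the web view and presents the confirmation.
    weak var presenter: UIViewController?

    func webView(_ webView: WKWebView,
                 decidePolicyFor navigationAction: WKNavigationAction,
                 decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
        guard let url = navigationAction.request.url,
              let scheme = url.scheme?.lowercased() else {
            decisionHandler(.cancel)
            return
        }
        if inlineSchemes.contains(scheme) {
            decisionHandler(.allow)
            return
        }
        // Any other scheme (tel:, sms:, custom app schemes) is never handled
        // by the web view itself.
        decisionHandler(.cancel)

        // A call is offered only for a link the user tapped in the main frame.
        // Script-driven redirects, reloads and sub-frame navigations are dropped.
        guard scheme == "tel",
              navigationAction.navigationType == .linkActivated,
              navigationAction.targetFrame?.isMainFrame == true else { return }
        confirmCall(url)
    }

    /// Shows the full URI and dials only after an explicit tap on "Call".
    private func confirmCall(_ url: URL) {
        let alert = UIAlertController(title: "Place a call?",
                                      message: url.absoluteString,
                                      preferredStyle: .alert)
        alert.addAction(UIAlertAction(title: "Cancel", style: .cancel))
        alert.addAction(UIAlertAction(title: "Call", style: .default) { _ in
            UIApplication.shared.open(url)
        })
        presenter?.present(alert, animated: true)
    }
}
```

Assign an instance to the web view's `navigationDelegate` and keep a strong reference to it, since the web view holds its delegate weakly.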
