New Apple iOS Camera Bug raises Mobile Security concerns

Apple Inc, an American Multinational Technology company renowned for its iPhone series is back in the news; but for all wrong reasons. A new Apple iOS Camera bug is found to be fooling the users by making them visit a malicious website.

Security researchers from Infosec found the bug and are said to have reported it to Apple on December 23rd last year. But the iPhone maker is yet to find a fix to the security loophole which tricks the users into tapping a malicious page when tapped on the prompted link.

Going into the details, usually the standard iOS camera app when pointed to a QR code of a website pops up the name of the website on top and lets the users decide if they desire to click on it.

But the new bug is said to be showing a different name and can lead the users in clicking a malevolent website which could trigger major concerns related to mobile security.

Roman Mueller, a senior security researcher at Infosec disclosed more info about the bug on his twitter page through a demo video which exhibits the bug in the iOS 11.2.1 camera app.

The video shows a cleverly parsed URL in QR codes which smartly exhibits a different host in the notification.

Early this month, Apple countered a different bug in the use of its Siri application. The virtual assistant which is meant to read out notifications when customized was found reading all the notifications aloud without being prompted to do so. The bug was reported to work with third-party email and messaging apps such as Gmail, WhatsApp, Facebook, Slack, Signal and was found not impacting Apple iMessage notifications.

In Feb this year, Apple users found it extremely difficult to deal with the Indian Telugu letter ‘జ్ఞ‌ా’ (pronounced as Ghana)

Now, the latest which is doing rounds on Reddit and GitHub is how the Apple iOS Camera bug tricks users into clicking malicious websites.  

When our scribes tried to reach Apple, a source from the tech giant responded and confirmed that all the security loopholes will be fixed in future updates.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display