- The bug arises as a miscommunication between camera app and Safari
- URL in notification preview can be different from actual link
- The vulnerability was reported to Apple in December last year
Another day, another iOS bug discovery. The stock Camera app on iOS 11 was recently updated to automatically detect QR codes and show link previews in case the QR code contains a URL. However, reports have surfaced online that suggest this feature has an apparent bug that can allow people to change the actual URL that is redirected on clicking the link shown in the notification preview.
A report by InfoSec details the new bug that involves creating an unsuspecting hostname such as facebook.com or google.com in the notification preview, while adding a different URL for when it redirects in Safari. For instance, the report uses facebook.com as the front and the actual URL is https://firstname.lastname@example.org:email@example.com/. Scanning the custom QR code will display facebook.com in the notification but clicking on it will open a website not linked with the social media giant. This is said to be because “The URL parser of the camera app has a problem here detecting the hostname in this URL in the same way as Safari does.”
This, in turn, is said to cause a miscommunication between the camera app and Safari leading to an evidently major bug. The report claims that Apple was first informed about the bug back on December 23 last year, but as of writing this, the bug has not yet been taken down.
This is not the first instance when iOS 11 has been caught up in a major UI bug incident. Just recently, a privacy vulnerability hit the mobile operating system using which Siri could read out loud notifications from the lock screen, even those that were hidden behind a passcode or biometric verification. Apple has since responded and promised a fix in an upcoming software update.