Collin Mulliner, a security researcher disclosed the vulnerability in his blog this week after reports to several companies were met with very little enthusiasm. Actually, the flaw exists in an iOS component called WebView. With WebView, Developers can display web-based content within their own apps using Apple’s default Safari Browser. Colling Mulliner also shared demonstration video of the flaw being exploited in which he showed that iOS apps like Twitter and Linkedin are vulnerable to attacks. He also stated that he also tested Facebook, WhatsApp, Snapchat and Yelp. However, these apps were not exposed. Mulliner said “There are tons of other messengers and so many other social media apps that and those could potentially be vulnerable” According to Colling Mulliner, the attack is quite easy to pull off. Hackers just need to send a link to a web page that contains specially-crafted HTML code. Once victim taps the link the code is executed and can make calls through the compromised iPhone. Collin Mulliner said “Any app that has a WebView in their app where a URL can be loaded that the user can submit to the app is potentially vulnerable. It’s absolutely simple. Anybody can do this” In the meantime, we recommend you to don’t click on any link blindly! Have something to add? Tell us in the comment section below.
