It can be tricked into redirecting users to malicious websites

Mar 26, 2018 12:17 GMT

Another day, another bug is discovered in Apple's latest iOS 11 mobile operating system for supported iPhone, iPad, and iPod touch devices. This time, a vulnerability was unearthed in the built-in QR code reader.

Promoted as "A giant step for iPhone" and "A monumental leap for iPad," Apple's iOS 11 mobile operating system comes with lots of innovative and handy features, including a QR code reader built into the iOS camera app, which eliminates the need for third-party QR code readers.

However, iOS 11 has also proved to come with numerous bugs, and the latest was unveiled over the weekend by German website Infosec (via 9to5mac), which revealed that the built-in QR code reader can be tricked into redirecting users to a malicious website without their knowledge.

Here's how the iOS 11 camera QR code reader vulnerability works

When scanning a QR code with the built-in iOS camera QR code reader, you'll usually see a notification about a website opening in Safari. The Infosec site explains that the vulnerability lets someone fool the reader into displaying one URL in that notification while opening a different one, possibly containing malicious content.

When the user taps the notification to open the displayed website, the malicious QR code will, in fact, open a different website in Safari. We've tested the vulnerability on our iPhone 7 unit running iOS 11.3 beta 6 and can confirm it's there, as Apple did not fix the issue despite it having been reported since December last year.

You can see the vulnerability in action below. There haven't been any reports of this iOS 11 QR code reader flaw being exploited in the wild lately, but until Apple decides to fix it, stay away from strange QR codes, and pay attention to which website actually opens in Safari when you scan a QR code for a specific page.

Malicious QR code in iOS 11
