Infosec has discovered a potential exploit using the QR code-reading capabilities of the iOS Camera app that would allow one URL to be displayed while directing users to another hidden link.
The simple code tweak allows those generating a QR code to set their link to display a safe-looking or familiar URL in the iOS confirmation box that pops up when a QR code is scanned, only to deliver the user to another URL entirely that was placed later in the code.
The issue has been reported to Apple but hasn’t been fixed yet.
Advertisements