Researcher Collin Mulliner has found a vulnerability in iOS that lets an attacker make a victim's iPhone call a phone number of the attacker's choosing. The flaw stems from how the WebView component behaves.
As Xakep notes, the problem was first discovered back in 2008 in the Safari browser and was fixed with the release of iOS 3.0. According to Mulliner, the new variant of the vulnerability works in the same way as the earlier one, but it affects apps such as Twitter, LinkedIn, Facebook, Pocket and others.
The problem arises from the way the WebView framework handles links to phone numbers embedded in web pages, that is, TEL URIs of the form tel:<phone number>. When the user taps such a link, the WebView automatically places a call to the specified number. If an attacker lures the victim to a page that uses a meta refresh to redirect to a new URL and points that redirect at a TEL URI, the phone will automatically dial the specified number.
Worse, after tapping the dangerous link the user cannot even cancel the call, because at that moment the OS opens another app and the iOS interface freezes. The researcher found the simplest way to trigger this second app launch: it is enough to slip the victim a URL that forces the OS to open another application.
The researcher was able to reproduce the attack against Twitter and LinkedIn, but he is convinced that the flaw applies to many other applications as well.
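A defensive check for the pattern described above, added here as an example and not code from the article or from Mulliner: it parses HTML and reports any meta-refresh redirect whose target is a tel: URI, so a proxy, crawler or content filter can flag such pages before a WebView auto-dials. The sample page and phone number are constructed for the demonstration.

```python
# Added example (not from the article): scan HTML for meta-refresh redirects
# whose target is a tel: URI, the auto-dial pattern the article describes.
import re
from html.parser import HTMLParser

# A meta refresh content attribute looks like "<delay>;url=<target>",
# with optional whitespace and optional quotes around the target.
_REFRESH_RE = re.compile(
    r"^\s*\d+\s*;\s*url\s*=\s*['\"]?([^'\"]*)['\"]?\s*$", re.IGNORECASE
)


class _MetaRefreshFinder(HTMLParser):
    """Collects the targets of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names; values keep their case.
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("http-equiv", "").strip().lower() != "refresh":
            return
        match = _REFRESH_RE.match(attr.get("content", ""))
        if match:
            self.targets.append(match.group(1).strip())


def find_tel_refresh_targets(html: str) -> list:
    """Return the tel: URIs a page would navigate to automatically via meta refresh."""
    parser = _MetaRefreshFinder()
    parser.feed(html)
    parser.close()
    return [t for t in parser.targets if t.lower().startswith("tel:")]


# Constructed sample page: one harmless refresh and one that redirects to a TEL URI.
SAMPLE_HTML = """
<html><head>
<meta http-equiv="refresh" content="5; url=https://example.com/next">
<META HTTP-EQUIV="Refresh" CONTENT="0;URL='tel:+15550100'">
</head><body>Loading...</body></html>
"""

if __name__ == "__main__":
    print(find_tel_refresh_targets(SAMPLE_HTML))  # ['tel:+15550100']
```

Apps that embed a WebView still need their own navigation check, since this scanner only covers content inspected before it reaches the device.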