iOS URL vulnerability!?

I’ll make it short:

If you add this to your malicious page:
<iframe src="tel:1-408-555-5555"></iframe>

You get this:

Which is a confirmation prompt asking whether or not you want to call that number.

But when you add this to your malicious page:
<iframe src="skype://14085555555?call"></iframe>

You get this:

Which is Skype making a phone call (where Skype should be running anyway).

It’s not only an iOS thing. In fact, it’s mostly a Skype thing, and they should add a confirmation message. But still, iOS should do something about it.
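To check pages for the pattern above, here is an added example (not from the original post or its source): a Python audit that flags frames whose src is handed to an external app handler as soon as the page renders. It goes beyond tel: and skype: by flagging any scheme outside an assumed in-browser allowlist; the names FrameSchemeAudit, audit and SAMPLE are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Schemes the browser handles itself (assumed allowlist). Any other scheme
# is passed to whichever app registered it, e.g. the dialer or Skype.
IN_BROWSER = {"", "http", "https", "about", "data", "blob", "javascript"}
FRAME_TAGS = {"iframe", "frame"}


class FrameSchemeAudit(HTMLParser):
    """Collect frames that load an app-handled URL with no user gesture."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag not in FRAME_TAGS:
            return
        src = (dict(attrs).get("src") or "").strip()
        scheme = urlsplit(src).scheme  # urlsplit lowercases the scheme
        if scheme not in IN_BROWSER:
            line, _ = self.getpos()
            self.findings.append(
                {"line": line, "tag": tag, "scheme": scheme, "src": src})


def audit(html):
    """Return one finding per frame whose src targets an external handler."""
    parser = FrameSchemeAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: the two frames from the post plus two ordinary ones.
SAMPLE = """<html><body>
<iframe src="https://example.com/widget"></iframe>
<iframe src="tel:1-408-555-5555"></iframe>
<IFRAME SRC="Skype://14085555555?call"></IFRAME>
<iframe src="/local/page.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: <{f['tag']}> hands {f['src']!r} "
              f"to the {f['scheme']}: handler")
```

The audit only reports that a frame auto-loads an app-handled URL; whether the receiving app asks for confirmation, as the dialer does for tel:, has to be checked per handler.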

More details about the vulnerability can be found in the source below.

Source
