Guides
How to Install macOS Big Sur Public Beta

The macOS Big Sur Public Beta is now available. Here's how to get it.

How to Install iOS 14 Beta

iOS 14 Public Beta is out now. Learn how to get it on your iPhone or iPad

Should you buy a Mac now or wait for Arm Macs?

Wait for Arm? Or just buy a Mac now? Let's discuss.

iOS 14: How to Pin and Unpin Conversations in Messages

Apple has made it easier to keep track of conversation threads in Messages by allowing users to pin threads in the app.

iOS 14: How to Send Inline Replies in Messages
iOS 14: How to Mute Conversations in Messages
iOS 14: How to Search for Emoji
iOS 14: How to Hide Home Screen App Pages
iOS 14: How to Use the App Library
iOS 14: How to Download New Apps to the App Library
See more guides
Upcoming
iOS 14
Fall 2020

Previewed at WWDC in June.

macOS 11 Big Sur
Fall 2020

Apple's next-generation macOS operating system.

iMac
Late 2020

iPad Pro-like design? New screen sizes?

iPhone 12
September 2020

Four new phones in three sizes expected with 5G and new AR capabilities.

AirTags
AirPods Studio
Apple Glasses
Foldable iPhone
See full product calendar

iOS 11 QR Code Vulnerability in Camera App Could Lead Users to Malicious Websites

by

A new vulnerability within iOS 11 was uncovered over the weekend, this time centering upon the QR code scanner in the iPhone camera app. With the new scanning feature in iOS 11, users can open the Camera app on iPhone or iPad, point the device at a QR code, and tap a notification to access whatever the code contains.

In a new report by Infosec, the researchers discovered that QR codes related to website links can potentially trick users by displaying an "unsuspicious" website link in the notification, while actually leading them to a completely different site. Infosec showed this off by creating a QR code that generates a notification to "Open 'facebook.com' in Safari", but then leads to its own website.


Infosec explained that the Camera app isn't properly parsing URLs in QR codes, and appears to be tricked by simply editing URLs with a few extra characters:

The URL embedded in the QR code is: https://xxx\@facebook.com:443@infosec.rm-it.de/

But if you tap it to open the site, it will instead open https://infosec.rm-it.de/

The URL parser of the camera app has a problem here detecting the hostname in this URL in the same way as Safari does. It probably detects “xxx\” as the username to be sent to “facebook.com:443”. While Safari might take the complete string “xxx\@facebook.com” as a username and “443” as the password to be sent to infosec.rm-it.de. This leads to a different hostname being displayed in the notification compared to what actually is opened in Safari.

iOS 11 has faced a number of bugs and issues since its launch last September, including one that was fixed in December that allowed unauthorized access to HomeKit devices.

For the QR code issue, Infosec said that it reported the problem to the Apple security team on December 23, 2017, and as of March 24, 2018 it has not yet been fixed.

Top Rated Comments

(View all)
Avatar
Aluminum213
31 months ago
At least we have Animojis!!!
Score: 9 Votes (Like | Disagree)
Avatar
chrono1081
31 months ago

My god... It’s like we’re at war against vulnerabilities.

This has always been the case and is completely normal. They're just more heavily publicized these days.
Score: 7 Votes (Like | Disagree)
Avatar
scrapesleon
31 months ago
iOS 11 belongs in the trash
Score: 7 Votes (Like | Disagree)
Avatar
shareef777
31 months ago
Mentioning Spectre/Meltdown is disingenuous and poor writing. Those vulnerabilities have absolutely nothing attributed to Apple. Those are CPU related and every machine with an x86/arm cpu is susceptible to them.
Score: 6 Votes (Like | Disagree)
Avatar
GaryMumford
31 months ago
My gripe with this MR article is, Why do they have to specifically mention Meltdown and Spectre? This was not a 'specific' iOS11 bug! This affected almost every device running any platform from any manufacturer and is unrelated to specific iOS bugs (of which there are many!!)
Score: 6 Votes (Like | Disagree)
Avatar
pete2106
31 months ago
It wouldn't be Monday without a new iOS11 vulnerability but hey, at least we have a new range of watch straps and TV shows to look forward to.
Score: 5 Votes (Like | Disagree)
Read All Comments

Top Stories

Apple Announces New 27-Inch iMac With 10th-Gen Processors, Up to 128GB RAM, 1080p Webcam, True Tone, and More

Tuesday August 4, 2020 8:07 am PDT by
Apple today announced a new 27-inch iMac with faster 10th-generation Intel Core processor options, next-generation AMD graphics, up to 128GB of RAM, a higher-resolution 1080p front-facing FaceTime camera, a True Tone display with a nano-texture glass option, a T2 chip, higher fidelity speakers, studio-quality microphones, and more. A breakdown of the new 27-inch iMac's features and specs:10th...
Read Full Article589 comments

8 Third-Party Home Screen Widgets That You Can Try Out Now on iOS 14

Wednesday August 5, 2020 12:56 pm PDT by
One of the biggest new features of iOS 14 is Home Screen widgets, which provide information from apps at a glance. The widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. When the iOS 14 beta was first released in June, widgets were limited to Apple's own apps like Calendar and Weather, but several third-party developers have begun to test ...
Read Full Article32 comments

Everything New in iOS 14 Beta 4: Apple TV Widget, Search Improvements, Exposure Notification API and More

Tuesday August 4, 2020 11:14 am PDT by
Apple today released the fourth developer betas of iOS and iPadOS 14 for testing purposes, tweaking and refining some of the features and design changes included in the update. Changes get smaller and less notable as the beta testing period goes on, but there are still some noteworthy new features in the fourth beta, which we've highlighted below. - Apple TV widget - There's a new Apple TV...
Read Full Article86 comments

Apple May Launch This Year's 'iPhone 12' Lineup in Two Stages, With 6.1-inch Models Debuting First

Monday August 3, 2020 3:14 am PDT by
Apple last week confirmed that its "‌iPhone‌ 12" launch will be delayed this year due to the ongoing global health crisis and restrictions on travel. Apple last year started selling iPhones in late September, but this year, Apple projects supply will be "available a few weeks later," suggesting a release sometime in October. We're expecting a total of four OLED iPhones in 5.4, 6.1, and...
Read Full Article95 comments

Apple Explains Why You Might See 'Not Charging' When a Mac is Plugged In

Monday August 3, 2020 1:42 pm PDT by
If you have a Mac and have seen a "Not Charging" warning when plugging it in to power, Apple last week released a support document that explains why. Macs running macOS 10.15.5 or later have a Battery Health Management feature to preserve the life of the battery, and occasionally, the Battery Health Management option will cause the Mac to pause its charging for calibration purposes.Depending ...
Read Full Article86 comments

Supposed iPhone 12 Display Unit Leaks

Thursday August 6, 2020 8:13 am PDT by
An image supposedly of an iPhone 12 display unit has been shared online by leaker "Twitter user Mr. White". Compared to images of an iPhone 11 Pro display piece, this new unit has a reoriented display connector, reaching up from the bottom of the display, rather than from the left-hand side on iPhone 11 Pro. This may be due to the logic board moving to the other side of the device. A...
Read Full Article54 comments

Google's $349 Pixel 4a vs. Apple's $399 iPhone SE

Wednesday August 5, 2020 1:45 pm PDT by
Google this week launched its newest smartphone, the $349 Pixel 4a, a low-cost device that's designed to compete with other affordable devices like Apple's iPhone SE. We picked up one of the new Pixel 4a smartphones and thought we'd check it out to see how it measures up to the iPhone SE, given that the two devices have such similar price points. Subscribe to the MacRumors YouTube channel ...
Read Full Article133 comments

Apple-Acquired Dark Sky Officially Shuts Down Android App

Saturday August 1, 2020 3:43 pm PDT by
Apple in March purchased weather app Dark Sky, and at that time, Dark Sky's developers said that the app's Android version would be discontinued on July 1, 2020. However, instead of shuttering the app on that date, the app's developers announced that the discontinuation would be delayed for another month. Now that it's August, Android users are no longer able to access the app, and...
Read Full Article133 comments

Samsung Launches Galaxy Note 20, Galaxy Z Fold 2, and Galaxy Buds to Compete With Apple's iPhones and AirPods Pro

Wednesday August 5, 2020 10:07 am PDT by
Samsung today held a virtual Galaxy Unpacked event where it unveiled its next-generation smartphones that will compete with Apple's 2020 iPhone lineup, set to come out in the fall. Samsung announced the launch of the Galaxy Note 20 and the Galaxy Note 20 Ultra, the two newest devices in the Note lineup, and, more notably, the Galaxy Z Fold 2, Samsung's latest foldable smartphone. The...
Read Full Article202 comments

Alleged 'iPhone 12' Images Depict Circular Array of Magnets in Chassis

Wednesday August 5, 2020 4:39 am PDT by
New images shared on Weibo appear to show a circular array of magnets housed inside an "iPhone 12" chassis. The unverified images depict 36 individual magnets in a circular arrangement, suggesting they could be related to mounting or charging. EverythingApplePro, who shared the Weibo-originating images on Twitter, also posted an image of an alleged iPhone 12 case with a similar array of...
Read Full Article58 comments