iOS 11 has an interesting feature that, I think, took Apple a long time to implement: the native QR code reader.
You simply open the Camera app (with the “Photo” option selected rather than “Video”, for example) and point it at the code in question. By doing this, you will be redirected to the indicated content. We have already published an article explaining how it works.
This week, however, a new vulnerability was discovered in iOS 11 that affects precisely this feature. According to Infosec, it is easy to deceive the feature into displaying one URL while actually visiting another. They even demonstrated the problem with a QR code that, when read by the Camera app, asks whether you want to open the Facebook URL but directs you to another website.
The trick is simple: a slightly modified URL is embedded in the QR code. The problem with something like this is that an attacker can pretend to be advertising a URL for a product or service while actually directing users to a page that tries to capture sensitive information (such as logins and passwords) via phishing.
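A defensive check for the "shows one URL, visits another" problem described above, as an added example that is not from the original article or from Infosec. The article does not give the exact URL used, so this assumes the general case where the text before an `@` looks like a hostname; the function names and sample URLs are constructed for illustration.

```javascript
// Added example. Audits a URL decoded from a QR code before it is shown to
// the user: the host a simplistic preview would display is compared with the
// host a standards-compliant (WHATWG) parser will actually contact.

// Hypothetical helper: the text after "//" up to the first delimiter, which
// is what a naive preview might present as "the site".
function naiveDisplayHost(raw) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#:@\\]*)/i.exec(raw);
  return m ? m[1].toLowerCase() : null;
}

function auditScannedUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, actualHost: null, shownHost: null, flags: ['unparseable'] };
  }
  const flags = [];
  if (!['http:', 'https:'].includes(url.protocol)) flags.push('non-web-scheme');
  // "user:pass@host" syntax: everything before '@' is NOT the destination.
  if (url.username || url.password) flags.push('userinfo-present');
  // URL parsers disagree on backslashes, so treat them as suspicious.
  if (raw.includes('\\')) flags.push('backslash');
  const shownHost = naiveDisplayHost(raw);
  if (shownHost !== url.hostname) flags.push('display-host-mismatch');
  return { ok: flags.length === 0, actualHost: url.hostname, shownHost, flags };
}

// Constructed sample inputs (reserved example domains only).
const samples = [
  'https://shop.example/item?id=1',
  'https://shop.example@collector.test/login',
  'https://shop.example:443@collector.test/',
];
for (const s of samples) {
  const r = auditScannedUrl(s);
  console.log(`${s}\n  shown=${r.shownHost} actual=${r.actualHost} flags=[${r.flags}]`);
}
```

A scanner or mail gateway applying this check would always present `actualHost` in its prompt and refuse or warn on any URL with flags.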
According to Infosec, the bug was reported to Apple on December 23, 2017, but has not yet been fixed. We will see whether, now that it has been publicly disclosed, things get resolved.
For these and other reasons, always pay attention to where you are browsing.
via iPhone Hacks