Malicious Websites Can Initiate Skype Calls On iOS

An anonymous reader writes "In this article, security researcher Nitesh Dhanjani shows how iOS insecurely launches third-party apps via registered URL handlers. Malicious websites can abuse this to launch arbitrary applications, such as getting the Skype.app to make arbitrary phone calls without asking the user. Dhanjani 'contacted Apple's security team to discuss this behavior, and their stance is that the onus is on the third-party applications (such as Skype in this case) to ask the user for authorization before performing the transaction.' He also discusses what developers of iOS apps can do to design their software securely and what Apple can do to help out."

Re:3rd Party Responsibility?

[pgmrdlm]

How about Apple puts in a fix to automatically deny this access, UNLESS the app itself overrides that position?

Apple can say they resolved the issue and now it is solely on the application itself for overroding the setting. This also would not make the user constantly verify they want to do something, UNLESS the application itself requested that type of input.

By the way, I hate apple as much as I hate Microsoft.