Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malicious Websites Can Initiate Skype Calls On iOS

Posted by Soulskill on from the buck-passing dept.

An anonymous reader writes "In this article, security researcher Nitesh Dhanjani shows how iOS insecurely launches third-party apps via registered URL handlers. Malicious websites can abuse this to launch arbitrary applications, such as getting the Skype.app to make arbitrary phone calls without asking the user. Dhanjani 'contacted Apple's security team to discuss this behavior, and their stance is that the onus is on the third-party applications (such as Skype in this case) to ask the user for authorization before performing the transaction.' He also discusses what developers of iOS apps can do to design their software securely and what Apple can do to help out."

2 of 177 comments (clear)

  1. IOS ? by ivan_w · · Score: 0, Offtopic

    IOS ?

    Isn't that CISCO's router OS ?

    (I remember IBM having to rebrand their own (formally OS/400) own OS for IBM i systems from i/OS to IBM i5 OS because they feared a CISCO suit)..

    enable
    conf term
    interface eth0
    no shutdown
    exit
    write
    exit

    --Ivan

  2. Re:Why are you wanting to close this down generall by SuperKendall · · Score: 0, Offtopic

    Where is the hypocrisy? The only hypocrisy I see evident is people attacking apple for being too closed at the same time they claim they are too permissive.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley