Apple iOS 11.3.1 Fixes QR Code Security Flaw
Less than a month after its last set of security updates, Apple released a new set of security patches for both iOS and macOS on April 24. Although Apple's advisory provides few details, the actual spoofing issue was in the in QR code reader capabilities. On March 24, security researcher Roman Mueller publicly reported the flaw, which he labeled as a QR code URL parser bug. According to Mueller, both the URL parser in iOS and the one used in macOS were able to be manipulated to show a different hostname in the notification window for a QR code scan than what actually is opened in Safari.
No comments: