Flaw in iOS11 camera QR code scanning can cause users to visit malicious websites

The camera app in iOS 11 adds a new QR code scanning feature that automatically recognizes much content such as websites, App Store links, and WiFi. Users discovered over the weekend that there were serious vulnerabilities in the iOS 11 camera app. According to the Infosec report, the researchers found that the QR code scanned by the iOS 11 camera app may deceive users, and the scanned website information is different from the actual website information. This leads to different websites for users to actually visit.

Infosec used this flaw to create a two-dimensional code. When the user scans, he is prompted to visit: facebook.com, but he visits Infosec’s own website after opening.

Infosec believes that the camera app can’t handle the URL in the QR code correctly. Since its release in September last year, iOS 11 has had many problems, including blows and ghost bugs affecting all iOS and Mac devices. Infosec said that the QR code vulnerabilities have been submitted to Apple on December 23 last year. However, Apple has not yet fixed this issue.