Malicious Websites Can Initiate Skype Calls On iOS 177
An anonymous reader writes "In this article, security researcher Nitesh Dhanjani shows how iOS insecurely launches third-party apps via registered URL handlers. Malicious websites can abuse this to launch arbitrary applications, such as getting the Skype.app to make arbitrary phone calls without asking the user. Dhanjani 'contacted Apple's security team to discuss this behavior, and their stance is that the onus is on the third-party applications (such as Skype in this case) to ask the user for authorization before performing the transaction.' He also discusses what developers of iOS apps can do to design their software securely and what Apple can do to help out."
Re:3rd Party Responsibility? (Score:4, Funny)
And in the update tech document, that catalogs the changes, it will give a description of the problem, what has been done to fix it and then "credit to Nitesh Dhanjani for reporting this issue". You know, like all the other security update knowledgebase articles on Apple's site.
Re:3rd Party Responsibility? (Score:4, Funny)
"You are coming to a sad realization, Cancel or Allow?"
I know I've heard that somewhere, but for the life of me I just can't remember where...