has profited from look for items on mobile. Currently the marketplace plans to add mobile…
However, along with this, Apple has provided methods for exchanging a limited set of data between programs.
URL schemes that used for this purpose, allow developers to launch applications using special links. For example: facetime: //, whatsapp: //, fb-messenger: //.
“The URL Schemes function as portals for apps to receive information from other apps. Since Apple allows different apps to declare the same URL Scheme, malicious apps can hijack sensitive data of certain apps. This vulnerability is particularly critical if the login process of app A is associated with app B”, — say Trend Micro specialists.
It works like this: when user is in a browser on a certain site, clicks the link “Contact us on Whatspp”. Due to the use of the URL scheme, launched messenger with all the necessary information.
Read also: Apple Watch’s Walkie Talkie Vulnerability allowed overhearing on other people’s conversations
Trend Micro researchers have concluded that using an URL scheme by an attacker could create certain risks for users.
“IOS allows multiple applications to link a single URL scheme. For example, the Sample: // scheme can use two completely different applications. Thus, a malicious application can use a completely legitimate and well-known scheme”, – says the Trend Micro report.
Such an attack is particularly dangerous if the user completes the process of logging into the account. By successfully exploiting this vulnerability, an attacker may intervene in the process of exchanging confidential data between legitimate applications.
Pectorsed.com is a site that tries to trick you into clik to its browser notifications…
News-wogago.com is a site that tries to force you into subscribing to its browser notifications…
Grimpoaltoumpa.com is a site that tries to force you into subscribing to its browser notifications…
News-cekufa.com is a site that tries to force you into clik to its browser notifications…
News-nevawo.com is a domain that tries to trick you into clik to its browser notifications…
News-vuyexu.com is a domain that tries to force you into subscribing to its browser notifications…