Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
Facebook is pushing out an important update to its Messenger app, fixing a flaw that allowed potentially expensive phone calls to be made without user consent, says Tech Radar.
The security gap was first discovered last week by developer Andrei Neculaesei. Neculaesei found that Apple’s mobile iOS has a hole that allows developers to create a URL that automatically dials a phone number when the link is clicked. If that link is clicked inside a mobile web browser, a message will pop up asking if you want to proceed to make the call. However, “when a user opens a URL with the tel scheme in a native app, iOS does not display an alert and initiates dialing without further prompting the user” writes Apple in its developer reference guide.
So far, Facebook is the only company to respond to the threat, though the update hasn’t hit the App Store yet. The company told Tech Radar it would be releasing an update in the next few days. Google Plus, Gmail, and any other app that doesn’t have a custom framework for tel links are also susceptible to these kind of attacks.
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
To date, Apple hasn’t commented on the security flaw.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.