Following the release of iOS 10.3 earlier this week, a number of users reported that their iOS devices were repeatedly attempting to call 911.
The flaw was discovered by an 18-year old who found a way to use Javascript to remotely cause iOS devices to open popup alerts, open apps, and make phone calls. In an effort to show the severity of the problem, he created a code that caused iPhones to dial 911 repeatedly. All in all, he ended up being arrested and charged with four counts of computer tampering after causing thousands of accidental 911 calls.
It appears that Apple has worked with app developers to examine the issue and close the loophole.
The code only triggered 911 calls from iPhones, which exploited a feature in the underlying software that allows users to tap on a phone number and immediately initiate a call.
Apple says the update supersedes that capability and now requires users to always press a second confirmation before initiating a call.
The issue follows a report issued earlier this month in which cybersecurity experts pointed out a vulnerability in which a 911 call center could be in “immediate danger” of losing service due to an overwhelming volume of calls.
iOS 10.3 was released earlier this week and includes a host of new features, both user-facing ones as well as a variety of security fixes. Apple had originally said that it was working to fix this 911 exploit, but now that it’s officially available as part of iOS 10.3, that’s all the more reason to update.
Apple also started beta testing iOS 10.3.2 this week, leading credence to speculation that iOS 10.3.1 is right around the corner.
Stay tuned for additional details as they become available.
Via 9to5Mac and The Wall Street Journal