Was recently discovered a new vulnerability devices iPhone which allows triggering calls by numbers surcharge without the knowledge of users through certain iOS applications.
Apparently, this vulnerability can be exploited schemes URI (Uniform Resource Identifier) To make calls to different phone numbers. Most times, phone numbers are displayed as links devices mobile devices in different contexts: SMS, IM conversations or e-mails. This method of display is a description that says the device URI where to find or how to use the information: for example, when giving tap / click on Email Address displayed as a link is The e-mail is launched to facilitate sending a message to address. The same is true for the telephone numbers.
When a iPhone User click on a phone number displayed as link in Safari, mobile browser displays a pop-up which asks the user if he wants to make sure a call to that number. Unfortunately this is not the case for other applications native iOS (e.g FaceTime, Facebook Messenger, gmail or Google+) Assiduously used by iPhone users (although these applications have the option to display a warning for such situations, it is the default mode disabled). Thus, if a user accidentally give tap on a phone number received in a email or Facebook / Google+It can make a phone call the respective number without being aware of it. Using this vulnerability, malicious people can create scripts that can cause the performance of calls undetected by simply viewing the phone number (Developer who discovered this vulnerability, Andrei NiculaeseiHas made such a demonstration on his blog, showing how a malicious link sent by Facebook Messenger launching a call to a telephone number simply view link respectively).
There vulnerability (phone calls with no warning) Was identified only popular applicationsBut it is possible that it exist in many other iOS applications. Facebook was the only developer who said immediately after the discovery of vulnerability that will launch soon a Update for Messenger to solve this problem. No Apple and any other developers of applications that have this exploit not made statements on this date.