“Serious Privacy And Security Vulnerability” Discovered In The iOS 6 Firmware Generation

AppleInsider today discovered a bug in iOS 6 that relates to JavaScript. In the iOS 6 firmware generation, Apple introduced a new feature called “Smart App Banners” that allows developers to promote their applications in a native-looking banner when you visit their website. The problem is that these banners run using JavaScript and will actually turn JavaScript on on your iPhone, iPod Touch or iPad if you have it disabled.

AppleInsider actually set up an example that allows you to see for yourself how this bug works. What you have to do is turn JavaScript off on your iOS device, launch Safari, visit the URL we linked to previously and then view the test page that will turn JavaScript back on. You can verify that JavaScript was turned back on by going back into the Settings app on your device.

iOS 6 Bug That Enables JavaScript Automatically Discovered

This bug is present in all builds of iOS 6 on all devices and even remains in the latest 6.1 beta. But just how bad is this bug really?

Peter Eckersley, technology products director with digital rights advocacy group the Electronic Frontier Foundation, said he would characterize such an issue as a “serious privacy and security vulnerability.”

Neither Eckersley nor the EFF had heard of the bug in iOS 6, nor had they independently tested to confirm that they were able to replicate the issue. But Eckersley said that if the problem is in fact real, it’s something that Apple should work to address as quickly as possible.

“It is a security issue, it is a privacy issue, and it is a trust issue,” Eckersley said. “Can you trust the UI to do what you told it to do? It’s certainly a bug that needs to be fixed urgently.”

JavaScript is used by almost every website to make a rich web experience, but it also opens the door to detailed user tracking that has the potential to tell advertisers personal information about you. People who disable JavaScript are few and far between, but for those who do, this is certainly not good.

The only advice given at this time was to stop browsing the web on a mobile device if your privacy and security mean that much to you. This is the only thing you can do until Apple fixes the bug. Are you worried about this new bug? Most people shouldn’t be, but is there anyone who actually disables JavaScript?

  • Johnny B.

    I just tried it… The link brought me to a page that said “Javascript is working”. I went back to Settings to check – Javascript toggle is STILL OFF! Btw I’m on v6.0.2.. so I guess Apple fixed it eh? ;)