iOS 6 Bug Turns JavaScript On Without the User’s Consent

Security researchers have mixed opinions about the seriousness of the flaw

By on December 22nd, 2012 12:25 GMT

Users who choose to turn off JavaScript in the iOS Safari web browser may think they’re out of harm’s way, but Smart App Banners will automatically turn JavaScript back on without notifying them. Worse yet, the toggle remains permanent.

A technology products director with digital rights advocacy group the Electronic Frontier Foundation, Peter Eckersley says this is a “serious privacy and security vulnerability,” according to AppleInsider.

“It is a security issue, it is a privacy issue, and it is a trust issue,” he said. “Can you trust the UI to do what you told it to do? It's certainly a bug that needs to be fixed urgently.”

However, Mac security specialist Intego has a different take on the matter. The company’s Lisa Myers says the issue isn't all that serious yet.

“At the moment it doesn't pose a threat, but we'll continue to monitor it to make sure it doesn't become more exploitable,” she says. “There's also the fact that few people actually disable JavaScript completely as it can partially, or totally, disable the majority of websites,” according to Myers.

Comments