Apple iOS Safari Feature Can Be Used To Share “Fake News” Headlines

A link-sharing feature in mobile versions of the Apple Safari browser makes it possible for users of iPhone, iPad, and iPod Touch to alter headlines when sharing excerpts from webpages.

A researcher has raised concerns that this feature can be abused not only for harmless pranks but also for sharing “fake news” with a wider impact.

What is the feature?

When browsing webpages, such as news articles, in the Safari web browser on an iPhone or iPad, users can choose to select and share a partial text excerpt from the page rather than the entire page itself.

However, the text excerpt can also come from a text input field that the user can control and edit.

When sharing an excerpt from a page with other iPhone users via iMessage, the link preview generated contains the value of this shared text itself, rather than the webpage’s original headline.

In other words, users can type an arbitrary text value in the search bar field of news websites, and then “share” this text value via iMessage.

The link preview generated by iMessage, as shown below, falsely gives the impression that the user-generated text is the page’s actual headline.

A Proof of Concept video shared by Josh Long of Intego with BleepingComputer
(video frames containing personal information redacted)

The behavior can be reproduced specifically when the Apple device is held in landscape orientation and when sharing links via iMessage between iPhone users.

So, sharing content in this manner from iPhone to Android would not result in this behavior.
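The core of the problem described above is that the preview text comes from whatever the user typed, not from what the page itself declares. The following is an added example, not code from the original article or from Intego or BleepingComputer: a receiver-side check that compares a preview’s headline text against the page’s own declared titles (`<title>`, `og:title`, `twitter:title`) and visible body text, so that typed-in text that appears nowhere on the page is flagged as unverified. The sample HTML and headlines are constructed for illustration; a real check would fetch the linked URL first.

```python
"""Classify a shared link preview's text against the linked page's own content.

Added example (not part of the original article). Assumes the receiving side
can fetch the page HTML; here a constructed sample page is embedded so the
check runs offline.
"""
from html.parser import HTMLParser
import re
import unicodedata


class _PageTextParser(HTMLParser):
    """Collect the page's declared titles and its visible body text."""

    _SKIP = {"script", "style", "noscript", "title"}

    def __init__(self):
        super().__init__()
        self.title_parts = []
        self.meta_titles = {}
        self.body_parts = []
        self._stack = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in self._SKIP:
            self._stack.append(tag)
        elif tag == "meta":
            key = (a.get("property") or a.get("name") or "").lower()
            if key in ("og:title", "twitter:title") and a.get("content"):
                self.meta_titles[key] = a["content"]

    def handle_endtag(self, tag):
        if self._stack and self._stack[-1] == tag:
            self._stack.pop()

    def handle_data(self, data):
        if self._stack:
            if self._stack[-1] == "title":
                self.title_parts.append(data)
        else:
            # Text inside script/style/noscript is not visible and is skipped.
            self.body_parts.append(data)


def _norm(s):
    """Case-fold and strip punctuation so curly quotes, dashes and case do not matter."""
    s = unicodedata.normalize("NFKC", s).casefold()
    return re.sub(r"[\W_]+", " ", s).strip()


def inspect_page(html):
    """Return (declared titles, visible body text) for an HTML document."""
    p = _PageTextParser()
    p.feed(html)
    p.close()
    titles = [p.meta_titles[k] for k in ("og:title", "twitter:title") if k in p.meta_titles]
    t = "".join(p.title_parts).strip()
    if t:
        titles.append(t)
    return titles, " ".join(p.body_parts)


def classify_preview(preview_text, html):
    """Classify preview text as 'headline', 'quoted_passage' or 'unverified'.

    'headline'       - equals a title the page declares itself
    'quoted_passage' - appears in the page's visible text (the legitimate
                       "point out a passage" use of the share feature)
    'unverified'     - appears nowhere on the page, as with text typed into
                       a search field and then shared
    """
    claimed = _norm(preview_text)
    if not claimed:
        return "unverified"
    titles, body = inspect_page(html)
    if any(claimed == _norm(t) for t in titles):
        return "headline"
    if claimed in _norm(body):
        return "quoted_passage"
    return "unverified"


# Constructed sample page (not a real site).
SAMPLE_HTML = """
<html><head>
<title>Market Closes Flat After Quiet Session - Example News</title>
<meta property="og:title" content="Market Closes Flat After Quiet Session">
<script>var teaser = "Shares plunge 40%";</script>
</head><body>
<h1>Market Closes Flat After Quiet Session</h1>
<form><input type="search" name="q" value=""></form>
<p>Trading volume was light, and the index finished within 0.1% of its open.</p>
</body></html>
"""

if __name__ == "__main__":
    for text in ("Market Closes Flat After Quiet Session",
                 "“Trading volume was light”",
                 "Shares plunge 40%"):
        print(f"{classify_preview(text, SAMPLE_HTML):>15}  {text}")
```

Anything classified as `unverified` is exactly the case the article describes: text that the sender controlled and that the page never contained, so a client or a reader should treat the preview as untrusted and open the link to see the real headline.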

This “prank” was previously reported by MacRumors in 2019, which also pointed out that the feature has some legitimate use cases.

“It’s actually a useful feature that’s great for pointing out specific passages in blogs, news articles, and more,” Juli Clover, the website’s editor, had said earlier.

But Josh Long, Chief Security Analyst at Intego, believes that beyond harmless pranks this feature can have a wider impact if abused to spread false information.

“Currently there is nothing to prevent a user from typing a misleading headline or other deceptive text into a field and making it part of the page preview,” explained Long in Intego’s blog post from 2019.

“While MacRumors calls the flaw ‘fun’ and notes that it can easily be exploited as a prank, we feel that all iMessage users should take caution, as the flaw could also potentially be used in more sinister attacks, for example as a means to try to get financial investors to buy or sell stocks in a panic based on false headlines.”

Intego’s follow-up to its 2019 report was released at the end of October 2020, just in time for the U.S. Presidential Election, when much scrutiny surrounded “fake news” and the negative impact it can have on the democratic process.

Issue made public for months, Apple won’t fix

Although findings related to this issue were made public as early as 2019, the latest Apple iOS devices continue to ship with this feature enabled.

Long told BleepingComputer that he tested the latest versions of iOS released this month, and the feature, or rather the problem, persists.

“I am still able to reproduce this in the final (public) release of iOS 14.2, which was released nearly a week after I reminded Apple’s security team about the problem.”

“I also confirmed that iOS 12.4.9, released the same day, is also still affected,” Long told BleepingComputer.

According to a timeline Long shared with us, more than a year passed after Intego’s 2019 blog post (linked above) warned that this feature could be abused for stock manipulation scams.

Last month, Intego contacted Apple to inquire if the issue would be fixed but did not hear back.

Consequently, Intego released a follow-up blog post warning that the feature could be abused for election interference by spreading “fake news” headlines.

On November 5th, Apple released iOS 14.2, iPadOS 14.2, and iOS 12.4.9, none of which resolved the bug.

We are not aware of this feature having been exploited on a large scale for activities such as stock manipulation or election interference, but that is not to say the concerns raised by Intego should be overlooked.

BleepingComputer reached out to Apple for comment on this issue but we have not heard back yet.

For those interested in testing this feature out themselves, a detailed PoC video is available on YouTube.
