A link sharing feature in iOS versions of Safari allows iPhone, iPad, and iPod Touch users to change their titles when sharing parts of webpages.
One researcher has expressed concern that this feature could be used to spread "fake news" that have a wider impact.
What is the feature?
When browsing web pages, such as articles in the Safari web browser on iPhone or iPad, users can select and share a snippet of text from the page instead of the entire page.
However, the text snippet can also come from a "text input field" that the user can control and edit.
When you share a snippet of a page with other iPhone users via iMessage, the link preview generated changes and the original title of the webpage is not obvious.
In other words, users can enter an arbitrary text value in its field search bar news sites and then "share" this text value through iMessage.
The link preview created by iMessage, as shown below, will falsely give the impression that user-generated text is the actual title of the page.
Behavior can be played especially when the Apple device is in “landscape orientation ”and when sharing links with iMessage among iPhone users.
So sharing content this way from iPhone to Android would not result in this behavior.
This "feature" was previously reported by MacRumours in 2019, which pointed out that there were some legal cases of using this feature.
However, Josh Long, who is the chief security analyst at Intego, believes that in addition to some harmless pranks, this feature can have a wider impact if used to spread false information (so-called fake news).
"At the moment there is nothing to stop a user from entering a misleading title or other misleading text in a field and making it part of the page preview," Long explained on the Intego 2019 blog.
The issue was made public months ago and Apple has not fixed it
Although findings related to this issue have been made public since 2019, the latest Apple devices continue to ship with this feature enabled.
We do not know whether this feature has actually been used on a large scale to carry out activities such as manipulating the public or interfering with elections, but that does not mean it should overlooked The worries raised by Intego.
For those interested in trying out this feature for yourself, there is a detail PoC video on YouTube.
Source of information: bleepingcomputer.com