
Apple's iOS 6.1 squashes 'Smart App Banner' bug that re-enabled JavaScript without user consent

post #1 of 8
Thread Starter 
With the release of iOS 6.1 on Monday, Apple addressed a potentially serious bug introduced in iOS 6 that would override a user's Mobile Safari JavaScript settings after visiting a webpage with a so-called "Smart App Banner."

Apple's iOS 6.1 fixes a JavaScript bug that would turn on JavaScript in Mobile Safari without a user's consent.


According to Apple's Support Webpage regarding iOS 6.1 security enhancements, and confirmed by AppleInsider, a bug that would inadvertently re-enable JavaScript in Mobile Safari without user interaction has been fixed in a tweak to the iOS StoreKit.

The issue first appeared when the Smart App Banner feature was instituted in iOS 6. Smart App Banners allowed developers an easy way to promote their iOS app within Safari by automatically scanning and detecting whether a specific app is on a user's device. If present, the banner invites the user to exit Safari and open the standalone app. If the system does not detect the app, the smart banner will offer a link to download the software from the App Store.

As seen in the example above, Pinterest's iOS app is not installed, thus a banner directing the user to install the app is displayed at the top of the service's web portal.

From the release notes:

Description: If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user. This issue was addressed by not enabling JavaScript when visiting a site with a Smart App Banner.

Other security problems addressed with iOS 6.1 include a number of WebKit bugs including a memory corruption issue that could lead to the execution of arbitrary code or cause an app to unexpectedly quit after visiting a maliciously crafted website.

Apple released the latest version of iOS 6 earlier on Monday, bringing enhancements to iTunes Match, the ability to purchase movie tickets with Siri, support for more LTE carriers and a host of minor bug fixes and backend improvements.
post #2 of 8
Yay! I'm glad. Although since you guys posted the story and found out it was related to the smart banners, I got used to going back to the Settings to re-disable JS whenever I see one.

Thanks for the update!

dZ.
post #3 of 8
These are the kind of AI articles I like. Useful info.

The JS setting was on when I checked it, so I turned it off. ESPN's site (for example) says that it requires JavaScript for "optimal viewing experience." I'm not a seasoned pro like many of you are, but it seems like a privacy issue to me. If it is scanning your phone to determine if you have the app on your phone then no telling what other info they are pulling w/out your knowledge.
post #4 of 8
Hopefully they fixed the camera app bug. Every now & then when I switch from video to picture mode the button would continue to be the video icon (with a blinking red light in the middle) even though pressing it now takes a photo.

Please update the AppleInsider app to function in landscape mode.

post #5 of 8

HOLY CRAP !!!!

 

This finally fixes the sort order of events and albums, in the Photo App.

This was an issue for me since "forever" !!!

post #6 of 8
I wonder if it fixes the issue where trying to dismiss the notification on YouTube always opens the application.

The black cross is to dismiss Google, not go to the application. Every other app I can dismiss but not YouTube...
post #7 of 8
Quote:
Originally Posted by Wide with Pride

These are the kind of AI articles I like. Useful info.

The JS setting was on when I checked it, so I turned it off. ESPN's site (for example) says that it requires JavaScript for "optimal viewing experience." I'm not a seasoned pro like many of you are, but it seems like a privacy issue to me. If it is scanning your phone to determine if you have the app on your phone then no telling what other info they are pulling w/out your knowledge.

 

The API scans your phone, not the site itself. The site has no idea what is on your phone as it is opaque to the site. Your device checks for the app, and shows you a result based on it being there or not. So it is not a privacy thing as the site never knows.

post #8 of 8
And at the same time paved the way for the iOS 6.1 untethered JailBreak!