Submitted by will_flyers t3_z84x5x in iphone

I always thought iOS was sandboxed and basically immune to any malicious scripting.

When trying to watch the USA vs Iran game on a not so legitimate site, I watched my iphone screen run a script, and automatically and very fast log into one of my account settings somewhere (i think it was an email account or Apple ID, it was too fast to see) and paste in a random link into what appeared to be a “subscription” box. It then closed the page.

I am trying to find the setting it modified but for the life of me find the a screen.

I am on an iPhone 11 on the newest iOS (which im starting think might have some security flaws)

EDIT - it modified “Subscriptions” under the Apple ID. I watched it paste a link in a dialogue box in there. When I go to check Subscriptions now, it does not show that same dialogue box.

1

Comments

You must log in or register to comment.

joaomgabaldi t1_iy9s60u wrote

I suggest you to perform a factory reset

1

will_flyers OP t1_iy9si7t wrote

I will but a bit worried as it was under the Apple Id and don’t want whatever script it just ran to remain there after resetting.

I dont understand how it did that. Only Apple certificates are trusted.

1

Whiplash104 t1_iy9sidf wrote

Look at your safari browser history. Maybe you'll get a clue there.

1

Whiplash104 t1_iy9tegu wrote

So go to settings>Calendar and look at subscribed calendars. It may have subscribed you to a calendar via a URL with an .ics at the end of the link. That should be harmless and this is something that can be done from a web browser (usually intentionally.)

It SHOULD be harmless. I mean who knows if someone found a zero day vulnerability that can be deliver via calendar subscriptions but I doubt it.

1

TheProblematicG3nius t1_iy9xtbq wrote

It modifies you calendar we have customers come in with this all the time. Its more to annoy you than anything

1

Whiplash104 t1_iy9zzj4 wrote

Wait, US Holidays is the subscription? That's a default that just comes with iOS based on your region. You don't subscribe/unsubscribe from that as an account or subscription. I just hide that. Honestly never thought to try to unsubscribe, personally. When you open the calendar, tap calendars at the bottom, scroll down, and you can just uncheck that to stop showing it.

https://support.apple.com/guide/iphone/use-the-holidays-calendar-iph80d93ac49/

Change your primary holiday calendar to a different region

  1. Go to Settings 📷 > General > Language & Region, then tap Region.
  2. Tap a region, then tap Change to [region].
  3. In Calendar, tap Calendars at the bottom of the screen.
  4. Deselect the Holidays calendar, then select it again.

Note: To subscribe to a holiday calendar from a different region, see Set up multiple calendars on iPhone.

1

will_flyers OP t1_iya2nlg wrote

I was thinking that it was a duplicate that was named as ‘US Holidays’. Because there are already US Holidays that are set to each account that is setup. This one in particular at the bottom of the list under “Other”.

1

Whiplash104 t1_iya3iwp wrote

Oh I see. Yeah that's the legit iOS calendar. I have US Holidays, Birthdays, and Siri Suggestions under "Other."

I actually sync with Google Calendars (multiple) and don't even use iOS or iCloud calendars and of course Google has their own.

I do have one and it's in a separate section called "subscribed."

1