A bug in Apple’s WebView allow an attacker to initiate phone calls without user confirm

Twitter and LinkedIn iOS apps are vulnerable! The security researcher Collin Mulliner has discovered an exploitable vulnerability in Apple’s WebView that could allow phone calls to a number of the attacker’s choosing. iOS WebViews can be used to automatically call an attacker controlled phone number. The attack can block the phone’s UI for a short…