Apple’s iOS 10.3 Fixes Exploit Used to Repeatedly Dial 911

Apple’s latest iOS 10.3 release patches a flaw that can be used to repeatedly dial a phone number, accidentally exploited last year to redial 911 call centers.

According to a report from The Wall Street Journal, the vulnerability was first discovered by an 18-year-old in Arizona who took advantage of a JavaScript flaw in a bid to collect a bug bounty last year.

Last October, Meetkumar Hiteshbhai Desai, acting on a tip about a potential iOS flaw, wrote and shared code that caused target iPhones to continually dial 911 emergency call centers. Shortly after the code was published, the Arizona Police Department received more than 100 hang-up 911 calls within a few minutes.

The Maricopa County Sheriff’s Office traced the calls and discovered they originated from a link Desai posted to Twitter. Users who clicked the link would find their iPhone automatically dial emergency services. The massive call volumes had the potential to shut down 911 services across Maricopa County.

In previous versions of iOS, the call would be automatically triggered if the user clicked on a phone number within an app like Twitter or Message. In iOS 10.3, Apple has put a secondary confirmation screen in place to reduce the potential of unintended calls.