The link sharing feature in the iOS versions of Apple’s Safari lets iPhone, iPad, and iPod Touch users change headlines when sharing portions of webpages.
One researcher raised concerns that this feature could be misused to spread fake news.
When browsing web pages, such as news articles in the Safari web browser on an iPhone or iPad, users can select and share a partial text snippet of the page, rather than the entire page.
However, the text snippet can also come from a text input field that the user can control and edit.
And when you share a snippet from a page with other iPhone users via iMessage, the generated link preview contains the value of that shared text itself, rather than the web page’s original address.
In other words, users can type a random text value into the search bar field for news websites, and then share that text value via iMessage.
And the link preview generated via iMessage mistakenly gives the impression as if this user-generated text were the actual title of the page.
The behavior can be specifically reproduced when the Apple device is kept in landscape orientation and when links are being shared via iMessage between iPhone users.
So, sharing content in this way from iPhone to Android will not lead to this behavior.
There are some legitimate use cases for this feature, so that it is useful for referring to specific paragraphs in blog posts and news articles.
Josh Long, chief security analyst at Intego, thinks the feature could have a wider impact if it is misused to spread false information.
Long explained in a blog post: There is currently nothing to prevent a user from typing a misleading title or other misleading text into a field and making it part of the page preview.
And all iMessage users should be careful, as the flaw can be used as a way to persuade financial investors to buy or sell stocks based on false headlines.
The results related to this issue were announced early in 2019, but the latest iOS devices from Apple continue to ship with this feature enabled.