Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Apple's iOS 6.1 squashes 'Smart App Banner' bug that re-enabled JavaScript without user consent

Apple's iOS 6.1 fixes a JavaScript bug that would turn on JavaScript in Mobile Safari without a user's consent.

Last updated

With the release of iOS 6.1 on Monday, Apple addressed a potentially serious bug introduced in iOS 6 that would override a user's Mobile Safari JavaScript settings after visiting a webpage with a so-called "Smart App Banner."


According to Apple's Support Webpage regarding iOS 6.1 security enhancements, and confirmed by AppleInsider, a bug that would inadvertently re-enable JavaScript in Mobile Safari without user interaction has been fixed in a tweak to the iOS StoreKit.

The issue first appeared when the Smart App Banner feature was instituted in iOS 6. Smart App Banners allowed developers an easy way to promote their iOS app within Safari by automatically scanning and detecting whether a specific app is on a user's device. If present, the banner invites the user to exit Safari and open the standalone app. If the system does not detect the app, the smart banner will offer a link to download the software from the App Store.

As seen in the example above, Pinterest's iOS app is not installed, thus a banner directing the user to install the app is displayed at the top of the service's web portal.

From the release notes:

Description: If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user. This issue was addressed by not enabling JavaScript when visiting a site with a Smart App Banner.

Other security problems addressed with iOS 6.1 include a number of WebKit bugs including a memory corruption issue that could lead to the execution of arbitrary code or cause an app to unexpectedly quit after visiting a maliciously crafted website.

Apple released the latest version of iOS 6 earlier on Monday, bringing enhancements to iTunes Match, the ability to purchase movie tickets with Siri, support for more LTE carriers and a host of minor bug fixes and backend improvements.



7 Comments

dzfoo 12 Years · 12 comments

Yay! I'm glad. Although since you guys posted the story and found out it was related to the smart banners, I got used to going back to the Settings to re-disable JS whenever I see one. Thanks for the update! :) dZ.

wide with pride 11 Years · 12 comments

These are the kind of AI articles I like. Useful info. The JS setting was on when I checked it, so I turned it off. ESPN's site (for example) says that it requires JavaScript for "optimal viewing experience." I'm not a seasoned pro like many of you are, but it seems like a privacy issue to me. If it is scanning your phone to determine if you have the app on your phone then no telling what other info they are pulling w/out your knowledge.

jd_in_sb 14 Years · 1599 comments

Hopefully they fixed the camera app bug. Every now & then when I switch from video to picture mode the button would continue to be the video icon (with a blinking red light in the middle) even though pressing it now takes a photo.

BuffyzDead 17 Years · 358 comments

HOLY CRAP !!!!

 

This finally fixes the sort order of events and albums, in the Photo App.

This was an issue for me since "forever" !!!

sedicivalvole 17 Years · 231 comments

I wonder if it fixes the issue of where trying to dismiss the notification on YouTube always opens the application. The black cross is to dismiss Google not go to the application. Every other app I can dismiss but no YouTube...