[Openid-specs-ab] Issue #2066: Additional Security Considerations for Custom URI Schemes on iOS (openid/connect)
mbj
issues-reply at bitbucket.org
Sat Sep 23 22:19:35 UTC 2023
New issue 2066: Additional Security Considerations for Custom URI Schemes on iOS
https://bitbucket.org/openid/connect/issues/2066/additional-security-considerations-for
Michael Jones:
Tom Jones suggested adding this additional Security Considerations text about Custom URI Schemes on iOS:
> While it is possible to assign handlers to URIs, and it is possible that the o/s could help the user select the correct handler, it is not possible to guarantee that the handler for a given URI has not been completely taken over by a subsequently installed native app. At the time this was written there appears to be no fool-proof mitigation for this vulnerability.
Responsible: Michael Jones
More information about the Openid-specs-ab
mailing list