<\/p>\n
Update, October 2024: This flaw still hasn’t been fixed as of the 2024 U.S. presidential election cycle; see our latest article<\/a> about this story:<\/em><\/strong><\/p>\nApple still hasn’t fixed 6-year-old “fake headlines” flaw exploitable for election interference<\/a><\/p><\/blockquote>\n<\/iframe><\/p>\n<p>For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines that appear to come from credible sources.<\/p>\n<p>Although <a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/\">we covered the flaw nearly two years ago<\/a>, it’s worth questioning why Apple still has not fixed it. This is especially concerning given that we’re in the final days leading up to the 2020 U.S. presidential election.<\/p>\n<p>Other “Big Tech” companies (in particular Twitter, Facebook, and Google) have <a href=\"https:\/\/www.washingtonpost.com\/technology\/2020\/10\/28\/twitter-facebook-google-senate-hearing-live-updates\/\" target=\"_blank\" rel=\"noopener noreferrer\">recently been accused<\/a> of engaging in or enabling election interference. Perhaps Apple’s neglect should be examined in this context as well.<\/p>\n<h3>How does the exploit work?<\/h3>\n<p>Originally <a href=\"https:\/\/www.macrumors.com\/2019\/02\/21\/safari-fake-headline-bug\/\" target=\"_blank\" rel=\"noopener noreferrer\">discovered<\/a> in February 2019 by the editorial team at MacRumors, there exists an implementation flaw in a Safari browser feature related to link sharing.<\/p>\n<p>The mobile version of Safari (for iPhone, iPad, and iPod touch) allows users to select text from within a Web page before tapping on the Share button, as a means of highlighting a particular portion of a page for the recipient of an iMessage. The feature is intended to allow users to include a quote from an article in the iMessage link preview.<\/p>\n<p>However, Apple does not limit the preview text selection to the contents of the page as received from the Web server, and therein lies the flaw. Users can type something into a page’s search bar (or any other text field), select the text they just typed, tap the browser’s Share button, and then tap the green-and-white Messages icon to send it to an iMessage recipient of their choice.<\/p>\n<div style=\"width: 1920px;\" class=\"wp-video\"><!--[if lt IE 9]><script>document.createElement('video');<\/script><![endif]-->\n<video class=\"wp-video-shortcode\" id=\"video-92467-1\" width=\"1920\" height=\"886\" loop=\"1\" autoplay=\"1\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4?_=1\" \/><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4\">https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4<\/a><\/video><\/div>\n<p style=\"text-align: center; font-size: small;\">The bug as it appeared in iOS 13. It still works the same in iOS 14.1.<\/p>\n<p>Nothing prevents a user from typing a misleading headline or other deceptive text into a field and making it part of the page preview.<\/p>\n<p>It’s worth mentioning that the Messages app on macOS desktop and laptop computers (e.g. iMac, MacBook, etc.) will also display misleading previews sent from Safari on an iOS or iPadOS device.<\/p>\n<h3>Why hasn’t Apple done anything to stop this?<\/h3>\n<p>When MacRumors editors originally discovered this, they called the flaw “fun” and noted that it could easily be exploited for harmless pranks. However, as we pointed out in February 2019, we feel that <strong>all iMessage users should take caution, as the flaw could also potentially be used in more sinister attacks<\/strong>.<\/p>\n<p>We warned last year that this could be exploited as a means to try to get financial investors to buy or sell stocks in a panic based on false headlines, for example.<\/p>\n<p><img loading=\"lazy\" class=\"alignright size-full wp-image-43018\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170.jpeg\" alt=\"\" width=\"150\" height=\"184\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170.jpeg 170w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170-122x150.jpeg 122w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>Now, in the context of a contentious presidential election, it’s disturbing to see that Apple still has not fixed this flaw. Apple has not even announced plans to mitigate the issue.<\/p>\n<p>The flaw has evidently been present in iOS for years; today we tested devices running the final version of iOS 12 (12.4.8), the current version of iOS (14.1), and even the most recent beta version of iOS (14.2 beta 4 \u2014 <strong>Update: <\/strong>We also tested iOS 14.2 RC). All of these versions of iOS\u2014and corresponding versions of iPadOS\u2014can be used to spread fake news headlines.<\/p>\n<p>Since it seems like this would be an easy thing for Apple to fix (by simply disallowing user input to be part of a link preview), it’s difficult to imagine why Apple has ignored the flaw for nearly two years.<\/p>\n<p>We invited Apple to comment on this story, but company representatives had not responded by publication time. If Apple provides a statement, we will update this article.<\/p>\n<h3>Most major news sites are affected<\/h3>\n<p>Alarmingly, <strong>the majority of news sites we tested were vulnerable<\/strong> to this attack.<\/p>\n<p><strong>We found that it was possible to send fake headlines that appear to be from Donald Trump’s and Joe Biden’s official campaign sites<\/strong> as well.<\/p>\n<p>Following are screenshots showing, as a demonstration, example fake headlines that could be sent from the ABC News, CNN, Fox News, Los Angeles Times, MSNBC, and New York Times homepages.<\/p>\n<p>Although most of these example headlines are a bit silly and unrealistic, one can imagine much more subtle and deceptive headlines that could influence people into changing how they might vote on election day.<\/p>\n<div id=\"attachment_92471\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-92471\" loading=\"lazy\" class=\"size-full wp-image-92471\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration.jpg\" alt=\"Election 2020 Safari iOS Fake Headline Exploit Demonstration\" width=\"600\" height=\"888\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration.jpg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration-203x300.jpg 203w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration-101x150.jpg 101w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-92471\" class=\"wp-caption-text\">Exploit demo; not seen in the wild. Watermarked to prevent abuse.<\/p><\/div>\n<p>A few sites we tested, such as the the main homepages of CBS News and Forbes, seem to be resistant to the bug. More research needs to be done to determine why some sites are resistant while most are not.<\/p>\n<h3>Has the attack been used against the 2020 election?<\/h3>\n<p>It is impossible to know with any degree of certainty whether this bug has been exploited to spread misinformation to Apple users about this (or any other) election.<\/p>\n<p>Although we have not yet been made aware of any real-world abuse of this exploit, we do know that this bug has been widely known for 20 months, and Apple has chosen not to do anything about it. Apple’s neglect has left ample opportunity for domestic or foreign threat actors to engage in targeted campaigns to deceive individuals in specific communities or demographics, including in swing states.<\/p>\n<p>If you hear of any abuse of this bug for any unethical purposes, whether election interference or stock manipulation or otherwise, please <a href=\"https:\/\/www.ic3.gov\/Home\/FileComplaint\" target=\"_blank\" rel=\"noopener noreferrer\">report it to the FBI’s Internet Crime Complaint Center (IC3)<\/a>, and consider leaving a detailed comment on this article. You can also contact the author of this article via <a href=\"https:\/\/twitter.com\/theJoshMeister\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter direct message<\/a>.<\/p>\n<h3>How can I learn more?<\/h3>\n<p>You can find our original coverage of this Safari bug, from February 2019, here:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"k1vJO96dx0\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/\">iOS Safari flaw allows deceptive news headlines in Messages<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"“iOS Safari flaw allows deceptive news headlines in Messages” — The Mac Security Blog\" src=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/embed\/#?secret=k1vJO96dx0\" data-secret=\"k1vJO96dx0\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Subscribe to our <strong>e-mail newsletter<\/strong> and keep an eye here on <strong>The Mac Security Blog<\/strong> for updates to this story and all the latest Apple security news.<\/p>\n<p><a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-71818\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png\" alt=\"\" width=\"50\" height=\"50\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png 300w\" sizes=\"(max-width: 50px) 100vw, 50px\" \/><\/a>You can also subscribe to the <strong>Intego Mac Podcast<\/strong> in <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\">Apple Podcasts<\/a>, <a href=\"https:\/\/www.amazon.com\/Intego-Mac-Podcast\/dp\/B08K5C5LPR\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Music or Audible<\/a>, or <a href=\"https:\/\/podcast.intego.com\">wherever else you listen<\/a> to make sure you never miss the latest episode. We discussed this Safari bug way back in <a href=\"https:\/\/podcast.intego.com\/71\" target=\"_blank\" rel=\"noopener noreferrer\">episode 71<\/a>:<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/player.fireside.fm\/v2\/GegHgcrH+k3-r201n?theme=dark\" width=\"740\" height=\"200\" frameborder=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Follow Intego on your favorite social and media channels: <a href=\"https:\/\/www.facebook.com\/Intego\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>, <a href=\"https:\/\/www.instagram.com\/intego_security\/\" target=\"_blank\" rel=\"noopener noreferrer\">Instagram<\/a>, <a href=\"https:\/\/twitter.com\/IntegoSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>, and <a href=\"https:\/\/www.youtube.com\/user\/IntegoVideo?sub_confirmation=1\" target=\"_blank\" rel=\"noopener noreferrer\">YouTube<\/a> (click the \ud83d\udd14 to get notified about new videos).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update, October 2024: This flaw still hasn’t been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story: Apple still hasn’t fixed 6-year-old “fake headlines” flaw exploitable for election interference For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines […]<\/p>\n","protected":false},"author":14,"featured_media":92478,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[563,69,115,143],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple neglects to fix "fake headlines" bug usable for election interference - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-30T22:12:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-17T14:44:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"width\":400,\"height\":260,\"caption\":\"Election 2020 Safari iOS Fake Headline Exploit Demonstration\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\",\"name\":\"Apple neglects to fix \\\"fake headlines\\\" bug usable for election interference - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\"},\"datePublished\":\"2020-10-30T22:12:38+00:00\",\"dateModified\":\"2024-10-17T14:44:52+00:00\",\"description\":\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple neglects to fix “fake headlines” bug usable for election interference\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"Apple neglects to fix “fake headlines” bug usable for election interference\",\"datePublished\":\"2020-10-30T22:12:38+00:00\",\"dateModified\":\"2024-10-17T14:44:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\"},\"wordCount\":1067,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"keywords\":[\"iMessage\",\"iOS\",\"Safari\",\"Vulnerabilities\"],\"articleSection\":[\"Security & Privacy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","og_locale":"en_US","og_type":"article","og_title":"Apple neglects to fix \"fake headlines\" bug usable for election interference - The Mac Security Blog","og_description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","og_url":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2020-10-30T22:12:38+00:00","article_modified_time":"2024-10-17T14:44:52+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","width":400,"height":260,"caption":"Election 2020 Safari iOS Fake Headline Exploit Demonstration"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","name":"Apple neglects to fix \"fake headlines\" bug usable for election interference - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage"},"datePublished":"2020-10-30T22:12:38+00:00","dateModified":"2024-10-17T14:44:52+00:00","description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Apple neglects to fix “fake headlines” bug usable for election interference"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"Apple neglects to fix “fake headlines” bug usable for election interference","datePublished":"2020-10-30T22:12:38+00:00","dateModified":"2024-10-17T14:44:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage"},"wordCount":1067,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","keywords":["iMessage","iOS","Safari","Vulnerabilities"],"articleSection":["Security & Privacy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-o3p","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=92467"}],"version-history":[{"count":28,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467\/revisions"}],"predecessor-version":[{"id":102092,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467\/revisions\/102092"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/92478"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=92467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=92467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=92467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Apple still hasn’t fixed 6-year-old “fake headlines” flaw exploitable for election interference<\/a><\/p><\/blockquote>\n<\/iframe><\/p>\n<p>For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines that appear to come from credible sources.<\/p>\n<p>Although <a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/\">we covered the flaw nearly two years ago<\/a>, it’s worth questioning why Apple still has not fixed it. This is especially concerning given that we’re in the final days leading up to the 2020 U.S. presidential election.<\/p>\n<p>Other “Big Tech” companies (in particular Twitter, Facebook, and Google) have <a href=\"https:\/\/www.washingtonpost.com\/technology\/2020\/10\/28\/twitter-facebook-google-senate-hearing-live-updates\/\" target=\"_blank\" rel=\"noopener noreferrer\">recently been accused<\/a> of engaging in or enabling election interference. Perhaps Apple’s neglect should be examined in this context as well.<\/p>\n<h3>How does the exploit work?<\/h3>\n<p>Originally <a href=\"https:\/\/www.macrumors.com\/2019\/02\/21\/safari-fake-headline-bug\/\" target=\"_blank\" rel=\"noopener noreferrer\">discovered<\/a> in February 2019 by the editorial team at MacRumors, there exists an implementation flaw in a Safari browser feature related to link sharing.<\/p>\n<p>The mobile version of Safari (for iPhone, iPad, and iPod touch) allows users to select text from within a Web page before tapping on the Share button, as a means of highlighting a particular portion of a page for the recipient of an iMessage. The feature is intended to allow users to include a quote from an article in the iMessage link preview.<\/p>\n<p>However, Apple does not limit the preview text selection to the contents of the page as received from the Web server, and therein lies the flaw. Users can type something into a page’s search bar (or any other text field), select the text they just typed, tap the browser’s Share button, and then tap the green-and-white Messages icon to send it to an iMessage recipient of their choice.<\/p>\n<div style=\"width: 1920px;\" class=\"wp-video\"><!--[if lt IE 9]><script>document.createElement('video');<\/script><![endif]-->\n<video class=\"wp-video-shortcode\" id=\"video-92467-1\" width=\"1920\" height=\"886\" loop=\"1\" autoplay=\"1\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4?_=1\" \/><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4\">https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4<\/a><\/video><\/div>\n<p style=\"text-align: center; font-size: small;\">The bug as it appeared in iOS 13. It still works the same in iOS 14.1.<\/p>\n<p>Nothing prevents a user from typing a misleading headline or other deceptive text into a field and making it part of the page preview.<\/p>\n<p>It’s worth mentioning that the Messages app on macOS desktop and laptop computers (e.g. iMac, MacBook, etc.) will also display misleading previews sent from Safari on an iOS or iPadOS device.<\/p>\n<h3>Why hasn’t Apple done anything to stop this?<\/h3>\n<p>When MacRumors editors originally discovered this, they called the flaw “fun” and noted that it could easily be exploited for harmless pranks. However, as we pointed out in February 2019, we feel that <strong>all iMessage users should take caution, as the flaw could also potentially be used in more sinister attacks<\/strong>.<\/p>\n<p>We warned last year that this could be exploited as a means to try to get financial investors to buy or sell stocks in a panic based on false headlines, for example.<\/p>\n<p><img loading=\"lazy\" class=\"alignright size-full wp-image-43018\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170.jpeg\" alt=\"\" width=\"150\" height=\"184\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170.jpeg 170w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170-122x150.jpeg 122w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>Now, in the context of a contentious presidential election, it’s disturbing to see that Apple still has not fixed this flaw. Apple has not even announced plans to mitigate the issue.<\/p>\n<p>The flaw has evidently been present in iOS for years; today we tested devices running the final version of iOS 12 (12.4.8), the current version of iOS (14.1), and even the most recent beta version of iOS (14.2 beta 4 \u2014 <strong>Update: <\/strong>We also tested iOS 14.2 RC). All of these versions of iOS\u2014and corresponding versions of iPadOS\u2014can be used to spread fake news headlines.<\/p>\n<p>Since it seems like this would be an easy thing for Apple to fix (by simply disallowing user input to be part of a link preview), it’s difficult to imagine why Apple has ignored the flaw for nearly two years.<\/p>\n<p>We invited Apple to comment on this story, but company representatives had not responded by publication time. If Apple provides a statement, we will update this article.<\/p>\n<h3>Most major news sites are affected<\/h3>\n<p>Alarmingly, <strong>the majority of news sites we tested were vulnerable<\/strong> to this attack.<\/p>\n<p><strong>We found that it was possible to send fake headlines that appear to be from Donald Trump’s and Joe Biden’s official campaign sites<\/strong> as well.<\/p>\n<p>Following are screenshots showing, as a demonstration, example fake headlines that could be sent from the ABC News, CNN, Fox News, Los Angeles Times, MSNBC, and New York Times homepages.<\/p>\n<p>Although most of these example headlines are a bit silly and unrealistic, one can imagine much more subtle and deceptive headlines that could influence people into changing how they might vote on election day.<\/p>\n<div id=\"attachment_92471\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-92471\" loading=\"lazy\" class=\"size-full wp-image-92471\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration.jpg\" alt=\"Election 2020 Safari iOS Fake Headline Exploit Demonstration\" width=\"600\" height=\"888\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration.jpg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration-203x300.jpg 203w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration-101x150.jpg 101w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-92471\" class=\"wp-caption-text\">Exploit demo; not seen in the wild. Watermarked to prevent abuse.<\/p><\/div>\n<p>A few sites we tested, such as the the main homepages of CBS News and Forbes, seem to be resistant to the bug. More research needs to be done to determine why some sites are resistant while most are not.<\/p>\n<h3>Has the attack been used against the 2020 election?<\/h3>\n<p>It is impossible to know with any degree of certainty whether this bug has been exploited to spread misinformation to Apple users about this (or any other) election.<\/p>\n<p>Although we have not yet been made aware of any real-world abuse of this exploit, we do know that this bug has been widely known for 20 months, and Apple has chosen not to do anything about it. Apple’s neglect has left ample opportunity for domestic or foreign threat actors to engage in targeted campaigns to deceive individuals in specific communities or demographics, including in swing states.<\/p>\n<p>If you hear of any abuse of this bug for any unethical purposes, whether election interference or stock manipulation or otherwise, please <a href=\"https:\/\/www.ic3.gov\/Home\/FileComplaint\" target=\"_blank\" rel=\"noopener noreferrer\">report it to the FBI’s Internet Crime Complaint Center (IC3)<\/a>, and consider leaving a detailed comment on this article. You can also contact the author of this article via <a href=\"https:\/\/twitter.com\/theJoshMeister\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter direct message<\/a>.<\/p>\n<h3>How can I learn more?<\/h3>\n<p>You can find our original coverage of this Safari bug, from February 2019, here:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"k1vJO96dx0\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/\">iOS Safari flaw allows deceptive news headlines in Messages<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"“iOS Safari flaw allows deceptive news headlines in Messages” — The Mac Security Blog\" src=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/embed\/#?secret=k1vJO96dx0\" data-secret=\"k1vJO96dx0\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Subscribe to our <strong>e-mail newsletter<\/strong> and keep an eye here on <strong>The Mac Security Blog<\/strong> for updates to this story and all the latest Apple security news.<\/p>\n<p><a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-71818\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png\" alt=\"\" width=\"50\" height=\"50\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png 300w\" sizes=\"(max-width: 50px) 100vw, 50px\" \/><\/a>You can also subscribe to the <strong>Intego Mac Podcast<\/strong> in <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\">Apple Podcasts<\/a>, <a href=\"https:\/\/www.amazon.com\/Intego-Mac-Podcast\/dp\/B08K5C5LPR\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Music or Audible<\/a>, or <a href=\"https:\/\/podcast.intego.com\">wherever else you listen<\/a> to make sure you never miss the latest episode. We discussed this Safari bug way back in <a href=\"https:\/\/podcast.intego.com\/71\" target=\"_blank\" rel=\"noopener noreferrer\">episode 71<\/a>:<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/player.fireside.fm\/v2\/GegHgcrH+k3-r201n?theme=dark\" width=\"740\" height=\"200\" frameborder=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Follow Intego on your favorite social and media channels: <a href=\"https:\/\/www.facebook.com\/Intego\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>, <a href=\"https:\/\/www.instagram.com\/intego_security\/\" target=\"_blank\" rel=\"noopener noreferrer\">Instagram<\/a>, <a href=\"https:\/\/twitter.com\/IntegoSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>, and <a href=\"https:\/\/www.youtube.com\/user\/IntegoVideo?sub_confirmation=1\" target=\"_blank\" rel=\"noopener noreferrer\">YouTube<\/a> (click the \ud83d\udd14 to get notified about new videos).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update, October 2024: This flaw still hasn’t been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story: Apple still hasn’t fixed 6-year-old “fake headlines” flaw exploitable for election interference For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines […]<\/p>\n","protected":false},"author":14,"featured_media":92478,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[563,69,115,143],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple neglects to fix "fake headlines" bug usable for election interference - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-30T22:12:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-17T14:44:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"width\":400,\"height\":260,\"caption\":\"Election 2020 Safari iOS Fake Headline Exploit Demonstration\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\",\"name\":\"Apple neglects to fix \\\"fake headlines\\\" bug usable for election interference - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\"},\"datePublished\":\"2020-10-30T22:12:38+00:00\",\"dateModified\":\"2024-10-17T14:44:52+00:00\",\"description\":\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple neglects to fix “fake headlines” bug usable for election interference\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"Apple neglects to fix “fake headlines” bug usable for election interference\",\"datePublished\":\"2020-10-30T22:12:38+00:00\",\"dateModified\":\"2024-10-17T14:44:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\"},\"wordCount\":1067,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"keywords\":[\"iMessage\",\"iOS\",\"Safari\",\"Vulnerabilities\"],\"articleSection\":[\"Security & Privacy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","og_locale":"en_US","og_type":"article","og_title":"Apple neglects to fix \"fake headlines\" bug usable for election interference - The Mac Security Blog","og_description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","og_url":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2020-10-30T22:12:38+00:00","article_modified_time":"2024-10-17T14:44:52+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","width":400,"height":260,"caption":"Election 2020 Safari iOS Fake Headline Exploit Demonstration"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","name":"Apple neglects to fix \"fake headlines\" bug usable for election interference - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage"},"datePublished":"2020-10-30T22:12:38+00:00","dateModified":"2024-10-17T14:44:52+00:00","description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Apple neglects to fix “fake headlines” bug usable for election interference"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"Apple neglects to fix “fake headlines” bug usable for election interference","datePublished":"2020-10-30T22:12:38+00:00","dateModified":"2024-10-17T14:44:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage"},"wordCount":1067,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","keywords":["iMessage","iOS","Safari","Vulnerabilities"],"articleSection":["Security & Privacy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-o3p","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=92467"}],"version-history":[{"count":28,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467\/revisions"}],"predecessor-version":[{"id":102092,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467\/revisions\/102092"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/92478"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=92467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=92467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=92467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/iframe><\/p>\n<p>For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines that appear to come from credible sources.<\/p>\n<p>Although <a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/\">we covered the flaw nearly two years ago<\/a>, it’s worth questioning why Apple still has not fixed it. This is especially concerning given that we’re in the final days leading up to the 2020 U.S. presidential election.<\/p>\n<p>Other “Big Tech” companies (in particular Twitter, Facebook, and Google) have <a href=\"https:\/\/www.washingtonpost.com\/technology\/2020\/10\/28\/twitter-facebook-google-senate-hearing-live-updates\/\" target=\"_blank\" rel=\"noopener noreferrer\">recently been accused<\/a> of engaging in or enabling election interference. Perhaps Apple’s neglect should be examined in this context as well.<\/p>\n<h3>How does the exploit work?<\/h3>\n<p>Originally <a href=\"https:\/\/www.macrumors.com\/2019\/02\/21\/safari-fake-headline-bug\/\" target=\"_blank\" rel=\"noopener noreferrer\">discovered<\/a> in February 2019 by the editorial team at MacRumors, there exists an implementation flaw in a Safari browser feature related to link sharing.<\/p>\n<p>The mobile version of Safari (for iPhone, iPad, and iPod touch) allows users to select text from within a Web page before tapping on the Share button, as a means of highlighting a particular portion of a page for the recipient of an iMessage. The feature is intended to allow users to include a quote from an article in the iMessage link preview.<\/p>\n<p>However, Apple does not limit the preview text selection to the contents of the page as received from the Web server, and therein lies the flaw. Users can type something into a page’s search bar (or any other text field), select the text they just typed, tap the browser’s Share button, and then tap the green-and-white Messages icon to send it to an iMessage recipient of their choice.<\/p>\n<div style=\"width: 1920px;\" class=\"wp-video\"><!--[if lt IE 9]><script>document.createElement('video');<\/script><![endif]-->\n<video class=\"wp-video-shortcode\" id=\"video-92467-1\" width=\"1920\" height=\"886\" loop=\"1\" autoplay=\"1\" preload=\"metadata\" controls=\"controls\"><source type=\"video\/mp4\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4?_=1\" \/><a href=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4\">https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2019\/02\/iOS-Safari-iMessage-bug-false-headline-demonstration.mp4<\/a><\/video><\/div>\n<p style=\"text-align: center; font-size: small;\">The bug as it appeared in iOS 13. It still works the same in iOS 14.1.<\/p>\n<p>Nothing prevents a user from typing a misleading headline or other deceptive text into a field and making it part of the page preview.<\/p>\n<p>It’s worth mentioning that the Messages app on macOS desktop and laptop computers (e.g. iMac, MacBook, etc.) will also display misleading previews sent from Safari on an iOS or iPadOS device.<\/p>\n<h3>Why hasn’t Apple done anything to stop this?<\/h3>\n<p>When MacRumors editors originally discovered this, they called the flaw “fun” and noted that it could easily be exploited for harmless pranks. However, as we pointed out in February 2019, we feel that <strong>all iMessage users should take caution, as the flaw could also potentially be used in more sinister attacks<\/strong>.<\/p>\n<p>We warned last year that this could be exploited as a means to try to get financial investors to buy or sell stocks in a panic based on false headlines, for example.<\/p>\n<p><img loading=\"lazy\" class=\"alignright size-full wp-image-43018\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170.jpeg\" alt=\"\" width=\"150\" height=\"184\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170.jpeg 170w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2015\/06\/bad-apple-170-122x150.jpeg 122w\" sizes=\"(max-width: 150px) 100vw, 150px\" \/>Now, in the context of a contentious presidential election, it’s disturbing to see that Apple still has not fixed this flaw. Apple has not even announced plans to mitigate the issue.<\/p>\n<p>The flaw has evidently been present in iOS for years; today we tested devices running the final version of iOS 12 (12.4.8), the current version of iOS (14.1), and even the most recent beta version of iOS (14.2 beta 4 \u2014 <strong>Update: <\/strong>We also tested iOS 14.2 RC). All of these versions of iOS\u2014and corresponding versions of iPadOS\u2014can be used to spread fake news headlines.<\/p>\n<p>Since it seems like this would be an easy thing for Apple to fix (by simply disallowing user input to be part of a link preview), it’s difficult to imagine why Apple has ignored the flaw for nearly two years.<\/p>\n<p>We invited Apple to comment on this story, but company representatives had not responded by publication time. If Apple provides a statement, we will update this article.<\/p>\n<h3>Most major news sites are affected<\/h3>\n<p>Alarmingly, <strong>the majority of news sites we tested were vulnerable<\/strong> to this attack.<\/p>\n<p><strong>We found that it was possible to send fake headlines that appear to be from Donald Trump’s and Joe Biden’s official campaign sites<\/strong> as well.<\/p>\n<p>Following are screenshots showing, as a demonstration, example fake headlines that could be sent from the ABC News, CNN, Fox News, Los Angeles Times, MSNBC, and New York Times homepages.<\/p>\n<p>Although most of these example headlines are a bit silly and unrealistic, one can imagine much more subtle and deceptive headlines that could influence people into changing how they might vote on election day.<\/p>\n<div id=\"attachment_92471\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-92471\" loading=\"lazy\" class=\"size-full wp-image-92471\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration.jpg\" alt=\"Election 2020 Safari iOS Fake Headline Exploit Demonstration\" width=\"600\" height=\"888\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration.jpg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration-203x300.jpg 203w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demonstration-101x150.jpg 101w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><p id=\"caption-attachment-92471\" class=\"wp-caption-text\">Exploit demo; not seen in the wild. Watermarked to prevent abuse.<\/p><\/div>\n<p>A few sites we tested, such as the the main homepages of CBS News and Forbes, seem to be resistant to the bug. More research needs to be done to determine why some sites are resistant while most are not.<\/p>\n<h3>Has the attack been used against the 2020 election?<\/h3>\n<p>It is impossible to know with any degree of certainty whether this bug has been exploited to spread misinformation to Apple users about this (or any other) election.<\/p>\n<p>Although we have not yet been made aware of any real-world abuse of this exploit, we do know that this bug has been widely known for 20 months, and Apple has chosen not to do anything about it. Apple’s neglect has left ample opportunity for domestic or foreign threat actors to engage in targeted campaigns to deceive individuals in specific communities or demographics, including in swing states.<\/p>\n<p>If you hear of any abuse of this bug for any unethical purposes, whether election interference or stock manipulation or otherwise, please <a href=\"https:\/\/www.ic3.gov\/Home\/FileComplaint\" target=\"_blank\" rel=\"noopener noreferrer\">report it to the FBI’s Internet Crime Complaint Center (IC3)<\/a>, and consider leaving a detailed comment on this article. You can also contact the author of this article via <a href=\"https:\/\/twitter.com\/theJoshMeister\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter direct message<\/a>.<\/p>\n<h3>How can I learn more?<\/h3>\n<p>You can find our original coverage of this Safari bug, from February 2019, here:<\/p>\n<blockquote class=\"wp-embedded-content\" data-secret=\"k1vJO96dx0\"><p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/\">iOS Safari flaw allows deceptive news headlines in Messages<\/a><\/p><\/blockquote>\n<p><iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"“iOS Safari flaw allows deceptive news headlines in Messages” — The Mac Security Blog\" src=\"https:\/\/www.intego.com\/mac-security-blog\/ios-safari-flaw-allows-deceptive-web-page-previews-in-messages\/embed\/#?secret=k1vJO96dx0\" data-secret=\"k1vJO96dx0\" width=\"500\" height=\"282\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Subscribe to our <strong>e-mail newsletter<\/strong> and keep an eye here on <strong>The Mac Security Blog<\/strong> for updates to this story and all the latest Apple security news.<\/p>\n<p><a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\" target=\"_blank\" rel=\"noopener noreferrer\"><img loading=\"lazy\" class=\"alignright size-thumbnail wp-image-71818\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png\" alt=\"\" width=\"50\" height=\"50\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-150x150.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-32x32.png 32w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-50x50.png 50w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-64x64.png 64w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-96x96.png 96w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile-128x128.png 128w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/10\/ios9-podcasts-app-tile.png 300w\" sizes=\"(max-width: 50px) 100vw, 50px\" \/><\/a>You can also subscribe to the <strong>Intego Mac Podcast<\/strong> in <a href=\"https:\/\/podcasts.apple.com\/us\/podcast\/intego-mac-podcast\/id1293834627\">Apple Podcasts<\/a>, <a href=\"https:\/\/www.amazon.com\/Intego-Mac-Podcast\/dp\/B08K5C5LPR\/\" target=\"_blank\" rel=\"noopener noreferrer\">Amazon Music or Audible<\/a>, or <a href=\"https:\/\/podcast.intego.com\">wherever else you listen<\/a> to make sure you never miss the latest episode. We discussed this Safari bug way back in <a href=\"https:\/\/podcast.intego.com\/71\" target=\"_blank\" rel=\"noopener noreferrer\">episode 71<\/a>:<\/p>\n<p><iframe loading=\"lazy\" src=\"https:\/\/player.fireside.fm\/v2\/GegHgcrH+k3-r201n?theme=dark\" width=\"740\" height=\"200\" frameborder=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>Follow Intego on your favorite social and media channels: <a href=\"https:\/\/www.facebook.com\/Intego\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>, <a href=\"https:\/\/www.instagram.com\/intego_security\/\" target=\"_blank\" rel=\"noopener noreferrer\">Instagram<\/a>, <a href=\"https:\/\/twitter.com\/IntegoSecurity\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>, and <a href=\"https:\/\/www.youtube.com\/user\/IntegoVideo?sub_confirmation=1\" target=\"_blank\" rel=\"noopener noreferrer\">YouTube<\/a> (click the \ud83d\udd14 to get notified about new videos).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update, October 2024: This flaw still hasn’t been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story: Apple still hasn’t fixed 6-year-old “fake headlines” flaw exploitable for election interference For nearly two years, Apple has neglected to fix a bug that enables anyone to create fake news headlines […]<\/p>\n","protected":false},"author":14,"featured_media":92478,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[563,69,115,143],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apple neglects to fix "fake headlines" bug usable for election interference - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/JoshLong\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-30T22:12:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-17T14:44:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@theJoshMeister\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joshua Long\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"width\":400,\"height\":260,\"caption\":\"Election 2020 Safari iOS Fake Headline Exploit Demonstration\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\",\"name\":\"Apple neglects to fix \\\"fake headlines\\\" bug usable for election interference - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\"},\"datePublished\":\"2020-10-30T22:12:38+00:00\",\"dateModified\":\"2024-10-17T14:44:52+00:00\",\"description\":\"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Apple neglects to fix “fake headlines” bug usable for election interference\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\"},\"headline\":\"Apple neglects to fix “fake headlines” bug usable for election interference\",\"datePublished\":\"2020-10-30T22:12:38+00:00\",\"dateModified\":\"2024-10-17T14:44:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage\"},\"wordCount\":1067,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png\",\"keywords\":[\"iMessage\",\"iOS\",\"Safari\",\"Vulnerabilities\"],\"articleSection\":[\"Security & Privacy\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1\",\"name\":\"Joshua Long\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g\",\"caption\":\"Joshua Long\"},\"description\":\"Joshua Long (@theJoshMeister), formerly Intego\\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \\u2014\",\"sameAs\":[\"https:\/\/security.thejoshmeister.com\",\"https:\/\/www.facebook.com\/JoshLong\",\"https:\/\/www.instagram.com\/thejoshmeister\/\",\"https:\/\/www.linkedin.com\/in\/thejoshmeister\",\"https:\/\/www.pinterest.com\/thejoshmeister\/\",\"https:\/\/twitter.com\/theJoshMeister\",\"https:\/\/www.youtube.com\/@theJoshMeister\"],\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","og_locale":"en_US","og_type":"article","og_title":"Apple neglects to fix \"fake headlines\" bug usable for election interference - The Mac Security Blog","og_description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","og_url":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","og_site_name":"The Mac Security Blog","article_author":"https:\/\/www.facebook.com\/JoshLong","article_published_time":"2020-10-30T22:12:38+00:00","article_modified_time":"2024-10-17T14:44:52+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_creator":"@theJoshMeister","twitter_misc":{"Written by":"Joshua Long","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","width":400,"height":260,"caption":"Election 2020 Safari iOS Fake Headline Exploit Demonstration"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/","name":"Apple neglects to fix \"fake headlines\" bug usable for election interference - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage"},"datePublished":"2020-10-30T22:12:38+00:00","dateModified":"2024-10-17T14:44:52+00:00","description":"Update, October 2024: This flaw still hasn't been fixed as of the 2024 U.S. presidential election cycle; see our latest article about this story:","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Apple neglects to fix “fake headlines” bug usable for election interference"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1"},"headline":"Apple neglects to fix “fake headlines” bug usable for election interference","datePublished":"2020-10-30T22:12:38+00:00","dateModified":"2024-10-17T14:44:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#webpage"},"wordCount":1067,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","keywords":["iMessage","iOS","Safari","Vulnerabilities"],"articleSection":["Security & Privacy"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-fix-fake-headlines-bug-usable-for-election-interference\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/dcf592275ba6edde8d20f1e60029c6b1","name":"Joshua Long","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ad29f4111ce14911abaa98cbbcdea42?s=96&d=mm&r=g","caption":"Joshua Long"},"description":"Joshua Long (@theJoshMeister), formerly Intego\u2019s Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master\u2019s degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple\u00a0ID authentication vulnerability. Josh has conducted cybersecurity research for well over 25 years, which is often featured by major news outlets worldwide. Keep up with Josh via X\/Twitter, LinkedIn, Facebook, Instagram, YouTube, Patreon, Mastodon, the JoshMeister on Security, and more. \u2014","sameAs":["https:\/\/security.thejoshmeister.com","https:\/\/www.facebook.com\/JoshLong","https:\/\/www.instagram.com\/thejoshmeister\/","https:\/\/www.linkedin.com\/in\/thejoshmeister","https:\/\/www.pinterest.com\/thejoshmeister\/","https:\/\/twitter.com\/theJoshMeister","https:\/\/www.youtube.com\/@theJoshMeister"],"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/joshlong\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-400x260-1.png","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-o3p","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=92467"}],"version-history":[{"count":28,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467\/revisions"}],"predecessor-version":[{"id":102092,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/92467\/revisions\/102092"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/92478"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=92467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=92467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=92467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Election](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2020\/10\/election-2020-safari-fake-headline-exploit-demo-600x420-1.png\")
<\/p>\n<\/p>\n