In a report from Infosec (via 9to5Mac), it seems that due to the flaw in the feature, hackers can fool the QR code reader where it prompts users to open a website but instead redirects users to a different website instead. This can be particularly dangerous especially when it comes to banking where you might enter your credentials into the fake website, thus exposing your login details to the hacker who might be able to use it to steal your information or money.
Infosec also claims to have reported this flaw to Apple way back in December of last year, but to date Apple has yet to fix the bug which is why they’re publicly publishing the details now. We’re not sure why Apple has taken so long to close this vulnerability, but hopefully now that the information is public, Apple will finally act on it.
In the meantime we guess the only thing iOS users can do is avoid scanning QR codes that they’re unfamiliar with for now to try and avoid getting phished.