The Finnish Communications Regulatory Authority inform about a spotted iOS Vulnerability, which allows apps to create calls without user's permission.
For more information , see translation below (machine translated)
ORIGINAL SOURCE. https://www.viestintavirasto.fi/tietoturva/haavoittuvuudet/2014/haavoittuvuus-2014-099.html
----------
I cannot reproduce in iOS 7.1.2
For more information , see translation below (machine translated)
Apple's iOS operating system calls to unauthorized vulnerability was
08/22/2014 at 14:41 - Updated 08/22/2014 at 15:03
Apple iOS operating system, some third-party applications, it is possible to make use of unauthorized calls. Affected phone numbers on tel: // links in treatment.
Apple's iOS operating system is a vulnerability that allows the operating system interface to applications using the web browser will automatically open the attacker in a certain way formulated by the links. It is related to the interface's handling of phone numbers suggestive tel: // links. Links will open without the usual user confirmation when the call is started immediately. An attacker can establish a link in such a way that it opens automatically, without user intervention, during his visit to the attacker's web page. The user's phone can be used, for example by calling premium rate numbers.
The vulnerability occurs third-party applications that open the links within the application. Such applications include, among other things, Facebook, Facebook Messenger, Twitter, Google Gmail. The vulnerability does not apply to iOS devices of its own Safari browser.
The user can protect yourself from hackers call to premium rate numbers by connecting an operator interface barring service number.
ORIGINAL SOURCE. https://www.viestintavirasto.fi/tietoturva/haavoittuvuudet/2014/haavoittuvuus-2014-099.html
----------
I cannot reproduce in iOS 7.1.2