Eight years ago, security researcher Colin Mulliner found and reported an intriguing bug to Apple. Even though the bug was in Safari on iOS, the vulnerability involved unwanted telephone calls, thanks to a special sort of web link using URLs starting with tel:.
Here’s how it worked.