It is not a 0day in the traditional meaning, it's a simple did not read the manual and bad defaults case from Apple.

Thanks to Guillaume K. Ross by his research and his presentation at BSidesLV 2014.

1. Go Lang
2. Traffic web framework

1. git clone https://github.com/juarlex/url-schemes.git
2. Edit the traffic.conf file and set your settings
3. go clean; go build; ./url-schemes
4. Open the page in your iOS device or your web browser: http://127.0.0.1:3000/

1. iOS URL Schemes: omg://, Guillaume K. Ross, BSidesLV, 2004
2. RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc.