Apple, iPad, iPhone, iPod touch

[Exploit] Safari Bug Found that allows URL Spoofing in iOS 5.1

A recent bug reported earlier by TheNextWeb, has been found in Safari for iOS 5.1. The bug allows URL Spoofing in your address bar for Safari on your iPhone / iPad / iPod. To put it simply, you could be under the impression your signing into your bank account online and unknowingly be giving your personal information away to potential “evil hackers”.

This bug could be harmful in the wrong hands, but I wouldn’t worry too much about it.

David Vieira-Kurz of Major Security discovered the bug:

“The weakness is caused due to an error within the handling of URLs when using javascript’s method. This can be exploited to potentially trick users into supplying sensitive information to a malicious website, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another website that the displayed web site.”

Major Security was even nice enough to provide everyone with a live demo of this Safari bug in action!

If you’d like to test this on your device you can do so by clicking here.

Safari will open a new tab/window and show in the Address bar, but you’ll actually be on This little “hack” is performed using iFrames, which is kind of like a “picture-in-picture” for your web browser.

Since the exploits discovery, it has since been reported to Apple by Major Security and apparently Apple’s already conjuring up a fix for this security flaw.

Notable but unrelated, we are giving away a new iPad! Check out the details on the giveaway article here!

Share this Story

Related Posts

Join Our Mailing List

Email Format

Free iTunes Gift Cards!

Find us on Google Plus