Apple, iPad, iPhone, iPod touch

[Exploit] Safari Bug Found that allows URL Spoofing in iOS 5.1

A recent bug reported earlier by TheNextWeb, has been found in Safari for iOS 5.1. The bug allows URL Spoofing in your address bar for Safari on your iPhone / iPad / iPod. To put it simply, you could be under the impression your signing into your bank account online and unknowingly be giving your personal information away to potential “evil hackers”.

This bug could be harmful in the wrong hands, but I wouldn’t worry too much about it.

David Vieira-Kurz of Major Security discovered the bug:

“The weakness is caused due to an error within the handling of URLs when using javascript’s window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious website, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another website that the displayed web site.”

Major Security was even nice enough to provide everyone with a live demo of this Safari bug in action!

If you’d like to test this on your device you can do so by clicking here.

Safari will open a new tab/window and show Apple.com in the Address bar, but you’ll actually be on majorsecurity.net. This little “hack” is performed using iFrames, which is kind of like a “picture-in-picture” for your web browser.

Since the exploits discovery, it has since been reported to Apple by Major Security and apparently Apple’s already conjuring up a fix for this security flaw.

Notable but unrelated, we are giving away a new iPad! Check out the details on the giveaway article here!

Share this Story

Related Posts

3 Comments

  1. Appliance repair North York

    January 30, 2018 at 5:04 pm

    228377 172705Greetings! This really is my first comment here so I just wanted to give a quick shout out and let you know I genuinely enjoy reading through your blog posts. Can you recommend any other blogs/websites/forums that deal with the same topics? Thank you so significantly! 61615

    Reply

  2. appliance repair Richmond Hill

    February 1, 2018 at 1:59 pm

    588824 880717You ought to experience a contest personally with the finest blogs on-line. Im going to suggest this page! 785550

    Reply

  3. Kuruganti Event Management Company Hyderabad

    February 4, 2018 at 12:16 am

    805842 665109Of course like your internet site but you require to check the spelling on several of your posts. Several of them are rife with spelling issues and I locate it really bothersome to tell the truth nevertheless Ill surely come back once again. 721625

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Join Our Mailing List

Email Format

Free iTunes Gift Cards!

Find us on Google Plus