April 18, 2024
Address Bar Spoofing Vulnerability Found in iOS 5.1 Mobile Safari

Address Bar Spoofing Vulnerability Found in iOS 5.1 Mobile Safari

Posted March 22, 2012 at 1:40pm by iClarified
David Vieira-Kurz of MajorSecurity has discovered a security issue with Mobile Safari in iOS 5.1.

The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.

The vulnerability has been tested present on an iPhone4, iPhone4S, iPad2 and iPad3 running iOS 5.1. Apple was notified on March 3rd of the vulnerability and should release an update to iOS that will resolve the issue shortly.


Steps to Reproduce:
1) Visit http://majorsecurity.net/html5/ios51-demo.html with Safari on iOS 5.1
2) Click the "demo" button
3) Safari will open a new window with "http://www.apple.com" in the address bar, but in fact "http://www.apple.com" is being displayed inside an iframe within the host http://www.majorsecurity.net
4) Safari's address bar is showing "http://www.apple.com" which makes the user believe he/she is currently visiting Apple.com while he's still on the attacker's website.

Read More [via TNW]


Address Bar Spoofing Vulnerability Found in iOS 5.1 Mobile Safari Address Bar Spoofing Vulnerability Found in iOS 5.1 Mobile Safari
Follow iClarified
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (4)
You must login or register to add a comment...
Add Comment
Lostmon
Lostmon - March 22, 2012 at 10:53pm
I have discovered and reported this vuln in safari for windows in 12/03/2011. http://lostmon.blogspot.com
Reply · Like
Jeremy
Jeremy - March 22, 2012 at 7:18pm
I have 4.3.3 and it does the same thing so this has been around for a long time just no one cought it
Reply · Like
Rollback
Rollback - March 22, 2012 at 2:56pm
Seems to still be exploitable in 5.0.1:\
Reply · Like
Robert
Robert - March 22, 2012 at 1:50pm
That´s no good!
Reply · Like
Recent. Read the latest Apple News.
RECENT
AltStore PAL Offers Alternative to App Store in the EU
AltStore PAL Offers Alternative to App Store in the EU
Apple Renews 'For all Mankind' for Season 5, Announces 'Star City' Spinoff Series
Apple Renews 'For all Mankind' for Season 5, Announces 'Star City' Spinoff Series
Apple Shares Official Trailer for Season 3 of 'Acapulco' [Video]
Apple Shares Official Trailer for Season 3 of 'Acapulco' [Video]
TikTok Launches Instagram Rival 'TikTok Notes' [Download]
TikTok Launches Instagram Rival 'TikTok Notes' [Download]
Apple Notes App to Get Integrated Voice Memos and Math Notes [Rumor]
Apple Notes App to Get Integrated Voice Memos and Math Notes [Rumor]
More News
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Monterey
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
More Tutorials
Deals. Save on Apple devices and accessories.
DEALS
New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]
New 15-inch M3 MacBook Air On Sale for $149.01 Off! [Lowest Price Ever]
Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]
Apple 96W USB-C Power Adapter On Sale for 49% Off [Deal]
T-Mobile Offers Free Blink Security Camera System With 5G Home or Small Business Internet
T-Mobile Offers Free Blink Security Camera System With 5G Home or Small Business Internet
AirPods Pro 2 With USB-C On Sale for $189! [Deal]
AirPods Pro 2 With USB-C On Sale for $189! [Deal]
iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]
iPad Mini 6 On Sale for Just $375! [Lowest Price Ever]
More Deals