David Vieira-Kurz of MajorSecurity has discovered a security issue with Mobile Safari in iOS 5.1.
The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.
The vulnerability has been tested present on an iPhone4, iPhone4S, iPad2 and iPad3 running iOS 5.1. Apple was notified on March 3rd of the vulnerability and should release an update to iOS that will resolve the issue shortly.
Steps to Reproduce:
1) Visit http://majorsecurity.net/html5/ios51-demo.html with Safari on iOS 5.1
2) Click the "demo" button
3) Safari will open a new window with "http://www.apple.com" in the address bar, but in fact "http://www.apple.com" is being displayed inside an iframe within the host http://www.majorsecurity.net
4) Safari's address bar is showing "http://www.apple.com" which makes the user believe he/she is currently visiting Apple.com while he's still on the attacker's website.
Read More [via TNW]
The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.
The vulnerability has been tested present on an iPhone4, iPhone4S, iPad2 and iPad3 running iOS 5.1. Apple was notified on March 3rd of the vulnerability and should release an update to iOS that will resolve the issue shortly.
Steps to Reproduce:
1) Visit http://majorsecurity.net/html5/ios51-demo.html with Safari on iOS 5.1
2) Click the "demo" button
3) Safari will open a new window with "http://www.apple.com" in the address bar, but in fact "http://www.apple.com" is being displayed inside an iframe within the host http://www.majorsecurity.net
4) Safari's address bar is showing "http://www.apple.com" which makes the user believe he/she is currently visiting Apple.com while he's still on the attacker's website.
Read More [via TNW]