iOS 5.1.1 Patches Address Bar Spoofing Vulnerability

The release of iOS 5.1.1 has patched an address bar spoofing vulnerability found iOS 5.1. The vulnerability was first reported by David Vieira-Kurz of MajorSecurity.

Impact: A maliciously crafted website may be able to spoof the address in the location bar

Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.


The new firmware also patches two webkit vulnerabilities using which a maliciously crafted website may execute a cross-site scripting attack or cause unexpected application termination or arbitrary code execution.

Read More [via CultofMac]