Thursday, March 22, 2012, 02:00 pm PT (05:00 pm ET)
Safari vulnerability in iOS 5.1 allows URL spoofingA newly-discovered mobile Safari web browser vulnerability allows a malicious website to display a URL that is different than the website's actual address, and can trick users into handing over sensitive personal information.
"This can be exploited to potentially trick users into supplying sensitive information to a malicious web site," Major Security explains, "because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site."
The exploit was tested on an iPhone 4, iPhone 4S, iPad 2 and third-generation iPad running iOS 5.1, and it seems that any iDevice running Apple's latest mobile OS is affected by the vulnerability. Users can test the vulnerability themselves by visiting this webiste from a mobile device. After a user clicks the "demo" button on the test page, Safari will open a new window which shows "http://www.apple.com" in the address bar, but that URL is in fact being displayed through an iframe being hosted by Major Security's servers.
By spoofing a URL and adding some convincing images to a malicious site, users can easily be tricked into thinking they are visiting a legitimate website such as Apple's online store.
"Apple" iPad webpage through Major Security servers (left) compared to official Apple site (right).
The vulnerability was originally found in iOS 5.0 and reproduced on iOS 5.1 earlier in March. Apple was made aware of the issue on March 1 and posted an advisory regarding the matter on March 20. A patch has yet to be pushed out, though the iPhone maker is expected to do so in the near future.
On Topic: iPhone
- Rumor: Design of Apple's new big-screen iPhone will be cross between iPhone 5c & 7th-gen iPod nano
- Apple to stick with Samsung for A8 chip, final manufacturing prep underway - report
- AT&T drops price of 2GB no-contract plan by $15, T-Mobile doubles down on 'Simple Choice'
- Report: iPhone 5s to soon account for 1 in 5 iPhones, 5c growth stagnant
- Russia's Megafon deal with Apple, Inc. guarantees sales of 750k iPhones over 3 years