Thursday, March 22, 2012

Safari Vulnerable to Address Bar Spoofing in iOS 5.1

Surf with caution if you’re using Safari on iOS 5.1!

David Vieira-Kurz of discovered that “an error within the handling of URLs when using JavaScript’s method” leaves the browser susceptible to address bar spoofing.

In plain English, that means that cybercrooks can use this flaw to make Safari’s address bar say you’re on one website when you’re actually on another.

This leaves the perfect opportunity for miscreants to launch phishing attacks to collect personal information from unsuspecting users.

The bug has been reproduced on the iPhone 4, iPhone 4S, iPad 2 and the new iPad running iOS 5.1. A proof of concept can be seen here.

This vulnerability has been reported to Apple, so hopefully a patch will be released soon.

Until then, be careful about which links you click and what information you supply via your mobile device.

