[muglo] Problem mobile safari .... Be aware

  • From: Frank Birch <fbirch@xxxxxxxxxx>
  • Date: Thu, 22 Mar 2012 17:21:30 -0400


Thursday March 22, 2012 11:53 am PDT by Jordan Golson
A security firm has discovered a security issue in the iOS 5.1 version of 
MobileSafari, the most recent version of the operating system that runs on 
millions of Apple mobile devices. The behavior was discovered and detailed by 
David Vieira-Kurz of MajorSecurity.net. 
The weakness is caused due to an error within the handling of URLs when using 
JavaScript's window.open() method. This can be exploited to potentially trick 
users into supplying sensitive information to a malicious web site, because 
information displayed in the address bar can be constructed in a certain way, 
which may lead users to believe that they're visiting another web site than the 
displayed web site.

To test it out, visit this demo page on an iPhone, iPod Touch or iPad running 
iOS 5.1. Click the 'Demo' button and MobileSafari will open a new window 
displaying "www.apple.com" in the address bar, though it's actually loading a 
page from MajorSecurity.net. 

The security firm does note that Apple was informed of the vulnerability three 
weeks ago, and it is only being made public today. Apple acknowledged the bug 
and should be pushing a fix soon.
