Address Bar Security Issue Found in iOS 5.1 Safari
A security firm has discovered a security issue in the iOS 5.1 version of MobileSafari, the most recent version of the operating system that runs on millions of Apple mobile devices. The behavior was discovered and detailed by David Vieira-Kurz of MajorSecurity.net.
The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.
To test it out, visit this demo page on an iPhone, iPod Touch or iPad running iOS 5.1. Click the 'Demo' button and MobileSafari will open a new window displaying "
www.apple.com" in the address bar, though it's actually loading a page from MajorSecurity.net.
The security firm does note that Apple was informed of the vulnerability three weeks ago, and it is only being made public today. Apple acknowledged the bug and should be pushing a fix soon.
Recent Mac and iOS Blog Stories
• Some Smart Covers Not Working Properly on New iPad
• Angry Birds Space Launches on iOS and Mac
• More '4G' Strings Found in iOS 5.1
• iPhone 4S Mod Adds Real Flashlight to Headphone Jack
• Hipstamatic and Instagram Link Up in Photo Sharing Partnership
http://www.macrumors.com/2012/03/22/address-bar-security-issue-found-in-ios-5-1-safari/