Apple

URL Spoofing in Safari Patched in iOS 5.1.1

Last month an exploit was found in Safari that allowed URL Spoofing. This wasn’t a huge concern at the time but it was definitely a security issue, and in the wrong hands could be dangerous to iOS users. But it looks like with the release of iOS 5.1.1 Apple has taken care of the problem…

This vulnerability was originally discovered by MajorSecurity.net.

“The weakness is caused due to an error within the handling of URLs when using javascript’s window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious website, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another website that the displayed web site.”

Luckily with the release of iOS 5.1.1 this bug has been patched!

Safari

Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

Impact: A maliciously crafted website may be able to spoof the address in the location bar

Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

iOS 5.1.1 is available for download now through your devices Software Update or via iTunes.

Source: Cult of Mac

Share this Story