Sunday, June 25, 2017

Address Spoofing Vulnerability found in Safari on iOS 5.1

David Vieira-Kurz of infosec firm MajorSecurity has discovered a major URL spoofing vulnerability in Mobile Safari on iOS 5.0, 5.0.1 and the latest release, 5.1. The problem lies in the way it handles JavaScript’s window.open() function.

Phishing sites can use this exploit to mask a fake page with the real website’s URL. There is really no way to tell the difference, therefore the user will submit all info to the phishing site.

“This can be exploited to potentially trick users into supplying sensitive information to a malicious web site,” Vieira-Kurz explained, “because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another web site than the displayed web site.”

Apple has not patched this yet; users are advised to apply the patch as soon as it is released.

 

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
