Mobile Safari Vulnerable To Address Bar Spoofing in iOS 5.1

^_^ · March 2012

Mobile Safari Vulnerable To Address Bar Spoofing in iOS 5.1

A new vulnerability in Safari in iOS 5.x has been found, which can be exploited to spoof URLs in the address bar. Taking advantage of this bug, malicious websites can spoof their domain name to a URL the user might trust, and ask for sensitive information like login credentials, credit card numbers etc.The discovery was made by David Vieira-Kurz of MajorSecurity, who explains the details behind the vulnerability:

Read the full story here

fas · March 2012

Why cant apple perfect the OS?

Joe · March 2012

tell me one thing that is "perfect".....troll

Jack Gruber · March 2012

couldn't this be used to inject and Jailbreak through safari? Then Patch Later?

Val · March 2012

I don't see how showing a different URL in the address bar could be used in jailbreaking. This only makes a user think they are on a site that they are not.

Rounak · March 2012

Nope.

ItsyourBoy · March 2012

That's what this is about that u can be tricked into thinking your on another site and possibly give up personal info where the hell did u get jailbreaking from ? Learn how to read @val

Don Dilla · March 2012

What if you're using a different browser? Can it still work?

Rounak · March 2012

"The Web Views used in third party browsers as well as apps like Twitter don't seem to exhibit this bug."

WillyWonker · March 2012

Because they don't have you working there.

Thunderbolt294 · March 2012

"so we advise you to be careful when clicking links from sources that you do not trust"That's much harder to do since the introduction of URL shorteners.

Yasser · March 2012

+1

iBucetas · March 2012

bixera(*☻-☻*)

Alex · March 2012

I don't think so it said only in safari

Mobile Safari Vulnerable To Address Bar Spoofing in iOS 5.1

Comments