Spoofing exploit discovered in Safari for iOS

While iOS 5.1 might be a welcome update for iOS users, it seems that the update has also opened up a possible vulnerability on the iOS version of Safari where it could be exploited to display a different URL to that of the actual website you are browsing, which could be used by malicious websites to trick you into providing sensitive information.

This was discovered by David Vieira-Kurz of MajorSecurity who revealed that this exploit could be taken advantage of due to the way Safari handles the JavaScript “window.open()” method, a method which is commonly used to open up new windows on the mobile browser. This is apparently an issue important enough for the Dutch Ministry of Security and Justice to issue a warning about it.

Apple has reportedly acknowledged the bug and will be issuing an fix to patch it up in the next iOS 5 update. In the mean time, head on down to MajorSecurity for the details where you will also be able to reproduce the bug from an iOS device. Until an update has been released, we guess we don’t have to tell you that staying away from suspicious websites will go a long way in preventing malicious code and exploits from harming your mobile device.

Tyler Lee
Categories: Apple, Web
Tags: iOS, safari