Security Alert: Safari for iOS 5.1 reportedly vulnerable to address bar spoofing
What does this mean in plain English? It means that the error can be exploited to trick users into supplying personal information to a malicious website, since the Safari address bar can display a totally different address than the website that is actually being displayed.
MajorSecurity.net has notified Apple of the issue, so it's just a matter of time before a patch is available to fix the problem. In the meantime, it's a good idea to not open untrusted links and to think twice about sending personal information to any website that asks for it through Safari on your iOS device.
For those who would like a working example of the vulnerability in action, MajorSecurity.net has created a web page at http://majorsecurity.net/html5/ios51-demo.html. Just open that page in Safari on a device iOS 5.1, click the demo button at the top of the page, and prepare to see something that looks amazingly like the www.apple.com site but is actually hosted by MajorSecurity.net.
We'll let you know when the update to fix this issue is available.
[via The Next Web]
Subscribe to Newsletter
Software Updatesmore updates
- OS X Yosemite 10.10.2, iOS 8.1.3 updates now available
- Sports Illustrated 120 SPORTS channel comes to Apple TV
- Logic Pro X update brings AirDrop support, new effects, tools, and more
- Parallels Access 2.5 released, adds file manager, computer-to-computer remote access
- The Google Translate iOS app is about to get a lot smarter
- Dropbox adds file/folder renaming and Office document editing to iOS app