Address Bar Security Issue Found in iOS 5.1 Safari

by

A security firm has discovered a security issue in the iOS 5.1 version of MobileSafari, the most recent version of the operating system that runs on millions of Apple mobile devices. The behavior was discovered and detailed by David Vieira-Kurz of MajorSecurity.net.

The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.

addressbarvul
To test it out, visit this demo page on an iPhone, iPod Touch or iPad running iOS 5.1. Click the 'Demo' button and MobileSafari will open a new window displaying "www.apple.com" in the address bar, though it's actually loading a page from MajorSecurity.net.

The security firm does note that Apple was informed of the vulnerability three weeks ago, and it is only being made public today. Apple acknowledged the bug and should be pushing a fix soon.

Popular Stories

iphone 16 display

iPhone 17's Scratch Resistant Anti-Reflective Display Coating Canceled

Monday April 28, 2025 12:48 pm PDT by
Apple may have canceled the super scratch resistant anti-reflective display coating that it planned to use for the iPhone 17 Pro models, according to a source with reliable information that spoke to MacRumors. Last spring, Weibo leaker Instant Digital suggested Apple was working on a new anti-reflective display layer that was more scratch resistant than the Ceramic Shield. We haven't heard...
Read Full Article111 comments
apple watch ultra yellow

What's Next for the Apple Watch Ultra 3 and Apple Watch SE 3

Friday April 25, 2025 2:44 pm PDT by
This week marks the 10th anniversary of the Apple Watch, which launched on April 24, 2015. Yesterday, we recapped features rumored for the Apple Watch Series 11, but since 2015, the Apple Watch has also branched out into the Apple Watch Ultra and the Apple Watch SE, so we thought we'd take a look at what's next for those product lines, too. 2025 Apple Watch Ultra 3 Apple didn't update the...
Read Full Article65 comments
iPhone 17 Air Pastel Feature

iPhone 17 Reaches Key Milestone Ahead of Mass Production

Monday April 28, 2025 8:44 am PDT by
Apple has completed Engineering Validation Testing (EVT) for at least one iPhone 17 model, according to a paywalled preview of an upcoming DigiTimes report. iPhone 17 Air mockup based on rumored design The EVT stage involves Apple testing iPhone 17 prototypes to ensure the hardware works as expected. There are still DVT (Design Validation Test) and PVT (Production Validation Test) stages to...
Read Full Article27 comments
Beyond iPhone 13 Better Blue

20th Anniversary iPhone Likely to Be Made in China Due to 'Extraordinarily Complex' Design

Monday April 28, 2025 4:29 am PDT by
Apple will likely manufacture its 20th anniversary iPhone models in China, despite broader efforts to shift production to India, according to Bloomberg's Mark Gurman. In 2027, Apple is planning a "major shake-up" for the iPhone lineup to mark two decades since the original model launched. Gurman's previous reporting indicates the company will introduce a foldable iPhone alongside a "bold"...
Read Full Article122 comments
iPhone 17 Air Pastel Feature

iPhone 17 Air Launching Later This Year With These 16 New Features

Thursday April 24, 2025 8:24 am PDT by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device. Overall, the iPhone 17 Air sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
Read Full Article101 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article
iphone 17 air iphone 16 pro

iPhone 17 Air USB-C Port May Have This Unusual Design Quirk

Wednesday April 30, 2025 3:59 am PDT by
Apple is preparing to launch a dramatically thinner iPhone this September, and if recent leaks are anything to go by, the so-called iPhone 17 Air could boast one of the most radical design shifts in recent years. iPhone 17 Air dummy model alongside iPhone 16 Pro (credit: AppleTrack) At just 5.5mm thick (excluding a slightly raised camera bump), the 6.6-inch iPhone 17 Air is expected to become ...
Read Full Article128 comments

Top Rated Comments

soco Avatar
soco
171 months ago
Apple are getting a little slack:

1. Hot iPads
2. Wifi Issues On New iPad
3. Safari On Retina Ipad's not actually pulling the fullres wallpaper / images
4. Security issues within 5.1

Apple. You have a B- you can and should be doing a lot better than this!!
Sorry to break it to you, and I loved the man, but he passed away back in October. It's Tim & Co.'s company now and they, despite misinformation to the contrary, are having just as many (read: few) real issues as they did when Steve was around.
Score: 14 Votes (Like | Disagree)
doboy Avatar
doboy
171 months ago
Public Announcement:

ALWAYS enter the URL manually or use your own bookmark for ANYTHING remotely important. This also means DO NOT click on the links in your email from financial institutions, PayPal, etc.
Score: 10 Votes (Like | Disagree)
soco Avatar
soco
171 months ago
And just like that, the 5.1 Jailbreak was delayed another month. :(
Score: 9 Votes (Like | Disagree)
Small White Car Avatar
Small White Car
171 months ago
That's a pretty good trick.

I mean, usually these things are like "if you download pirated software AND give it your password AND..."

But this one's pretty good. That, like, just worked.
Score: 6 Votes (Like | Disagree)
RVdave Avatar
RVdave
171 months ago
"Settings> Safari> Javascript > Off"

Thanks Porco. An easy fix until the next update.
Score: 5 Votes (Like | Disagree)
Hyper-X Avatar
Hyper-X
171 months ago
Approximately 100% of iOS users use Safari.

And how is it the worst? It's the best for Mac (idk about Windows). Even if you were going to say it was worse than FireFox or something, Internet Explorer is undoubtedly the worst on any OS.
I typed that comment on iOS and it wasn't on Safari but rather iCab. In fact my MacBook doesn't use Safari by default. I understand why iOS and Mac users use Safari because it comes with it by default, the same reason why there's so many IE users on Windows. My Windows computers have never seen Safari installed in a very long time.

For a Mac I'd argue that Chrome is superior but that's not to say it's the perfect browser either. Firefox is too intrusive with all the warning messages like Vista and really relies on 100% user input to make decisions. IE9 has come a long way, it's actually one of the fastest and safest browsers to be used on Windows machines.

For mijail, yes I'm aware of that it's about Mobile Safari however Safari in itself is very late to the game, they introduced sandboxing years after Google's been doing it with Chrome. There's a lot of great extensions and plugins for Chrome and Firefox but Safari's seriously lacking compared to the other 2.
Score: 4 Votes (Like | Disagree)
Read All Comments