Address Bar Security Issue Found in iOS 5.1 Safari
A security firm has discovered a security issue in the iOS 5.1 version of MobileSafari, the most recent version of the operating system that runs on millions of Apple mobile devices. The behavior was discovered and detailed by David Vieira-Kurz of MajorSecurity.net.
The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.
To test it out, visit this demo page on an iPhone, iPod Touch or iPad running iOS 5.1. Click the 'Demo' button and MobileSafari will open a new window displaying "www.apple.com" in the address bar, though it's actually loading a page from MajorSecurity.net.
The security firm does note that Apple was informed of the vulnerability three weeks ago, and it is only being made public today. Apple acknowledged the bug and should be pushing a fix soon.
Popular Stories
While Apple's early M1-based Macs can only officially support a single external display, there are ways around the limitation. Anker is launching a new 10-in-1 USB-C docking station today which delivers just that.
The Anker 563 USB-C dock includes two HDMI ports and a DisplayPort port, and it leverages DisplayLink to carry multiple video signals over a single connection. Given that this hub...
The Apple Watch Series 8 could feature an all-new design with a flat display, according to the leaker known as "ShrimpApplePro."
In his latest video on the YouTube channel Front Page Tech, Jon Prosser highlighted information from ShrimpApplePro that suggests the Apple Watch Series 8 could feature a flat display in what seems to be a design originally rumored for the Apple Watch Series 7. ...
Earlier this week, The Information's Wayne Ma outlined struggles that Apple has faced during the development of its long-rumored AR/VR headset. Now, in a follow-up report, he has shared several additional details about the wearable device. Apple headset render created by Ian Zelbo based on The Information reporting For starters, one of the headset's marquee features is said to be lifelike...
Apple today shared a new ad highlighting iPhone privacy features like App Tracking Transparency and Mail Privacy Protection that are designed to give users more transparency and control when it comes to their personal data being collected.
The ad revolves around a young woman named Ellie who discovers that her personal data is being sold at an auction house, with bids being placed on her...
Apple last week demonstrated its upcoming AR/VR headset to Apple board members, indicating that the device is in an advanced stage of development and could see a debut in the not too distant future, reports Bloomberg. Apple has also ramped up development of the software that runs on the headset, with that software expected to be called "RealityOS," or rOS for short. Render via designer Ian ...
Top Rated Comments
ALWAYS enter the URL manually or use your own bookmark for ANYTHING remotely important. This also means DO NOT click on the links in your email from financial institutions, PayPal, etc.
I mean, usually these things are like "if you download pirated software AND give it your password AND..."
But this one's pretty good. That, like, just worked.
Thanks Porco. An easy fix until the next update.
For a Mac I'd argue that Chrome is superior but that's not to say it's the perfect browser either. Firefox is too intrusive with all the warning messages like Vista and really relies on 100% user input to make decisions. IE9 has come a long way, it's actually one of the fastest and safest browsers to be used on Windows machines.
For mijail, yes I'm aware of that it's about Mobile Safari however Safari in itself is very late to the game, they introduced sandboxing years after Google's been doing it with Chrome. There's a lot of great extensions and plugins for Chrome and Firefox but Safari's seriously lacking compared to the other 2.