Address Bar Security Issue Found in iOS 5.1 Safari

A security firm has discovered a security issue in the iOS 5.1 version of MobileSafari, the most recent version of the operating system that runs on millions of Apple mobile devices. The behavior was discovered and detailed by David Vieira-Kurz of MajorSecurity.net.

The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.

addressbarvul
To test it out, visit this demo page on an iPhone, iPod Touch or iPad running iOS 5.1. Click the 'Demo' button and MobileSafari will open a new window displaying "www.apple.com" in the address bar, though it's actually loading a page from MajorSecurity.net.

The security firm does note that Apple was informed of the vulnerability three weeks ago, and it is only being made public today. Apple acknowledged the bug and should be pushing a fix soon.

Top Rated Comments

soco Avatar
150 months ago
Apple are getting a little slack:

1. Hot iPads
2. Wifi Issues On New iPad
3. Safari On Retina Ipad's not actually pulling the fullres wallpaper / images
4. Security issues within 5.1

Apple. You have a B- you can and should be doing a lot better than this!!
Sorry to break it to you, and I loved the man, but he passed away back in October. It's Tim & Co.'s company now and they, despite misinformation to the contrary, are having just as many (read: few) real issues as they did when Steve was around.
Score: 14 Votes (Like | Disagree)
doboy Avatar
150 months ago
Public Announcement:

ALWAYS enter the URL manually or use your own bookmark for ANYTHING remotely important. This also means DO NOT click on the links in your email from financial institutions, PayPal, etc.
Score: 10 Votes (Like | Disagree)
soco Avatar
150 months ago
And just like that, the 5.1 Jailbreak was delayed another month. :(
Score: 9 Votes (Like | Disagree)
Small White Car Avatar
150 months ago
That's a pretty good trick.

I mean, usually these things are like "if you download pirated software AND give it your password AND..."

But this one's pretty good. That, like, just worked.
Score: 6 Votes (Like | Disagree)
RVdave Avatar
150 months ago
"Settings> Safari> Javascript > Off"

Thanks Porco. An easy fix until the next update.
Score: 5 Votes (Like | Disagree)
Hyper-X Avatar
150 months ago
Approximately 100% of iOS users use Safari.

And how is it the worst? It's the best for Mac (idk about Windows). Even if you were going to say it was worse than FireFox or something, Internet Explorer is undoubtedly the worst on any OS.
I typed that comment on iOS and it wasn't on Safari but rather iCab. In fact my MacBook doesn't use Safari by default. I understand why iOS and Mac users use Safari because it comes with it by default, the same reason why there's so many IE users on Windows. My Windows computers have never seen Safari installed in a very long time.

For a Mac I'd argue that Chrome is superior but that's not to say it's the perfect browser either. Firefox is too intrusive with all the warning messages like Vista and really relies on 100% user input to make decisions. IE9 has come a long way, it's actually one of the fastest and safest browsers to be used on Windows machines.

For mijail, yes I'm aware of that it's about Mobile Safari however Safari in itself is very late to the game, they introduced sandboxing years after Google's been doing it with Chrome. There's a lot of great extensions and plugins for Chrome and Firefox but Safari's seriously lacking compared to the other 2.
Score: 4 Votes (Like | Disagree)

Popular Stories

iphone se 4 modified flag edges

iPhone SE 4 Details: Action Button, USB-C Port, Face ID, and More

Wednesday September 27, 2023 1:34 pm PDT by
Significant changes are expected to arrive with Apple's fourth-generation iPhone SE, in terms of both design and hardware, MacRumors has learned. The iPhone SE 4, known internally under the codename Ghost, is expected to receive a new design derived almost entirely from the base model iPhone 14. According to our sources, the iPhone SE 4 will use a modified version of the iPhone 14 chassis...
Multi Display CarPlay 1

All-New Apple CarPlay Launching Later This Year With These 5 New Features

Friday September 29, 2023 11:29 am PDT by
At WWDC 2022 last year, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, personalization options, and more. Apple said the first vehicles with support for the next-generation CarPlay experience would be announced in late 2023, but it has still not shared any additional...
iOS 17

Everything New in iOS 17.1 Beta 1

Wednesday September 27, 2023 1:57 pm PDT by
Just a week after releasing iOS 17, Apple has seeded the first beta of iOS 17.1 to developers. iOS 17.1 adds some features that Apple promised were coming to iOS 17 in the future, plus it refines and improves some existing features. This guide covers everything new in the first iOS 17.1 beta. Apple Music Favorites You can favorite songs, albums, playlists, and artists in the iOS 17.1...
iPhone 15 Pro lineup

iPhone 15 Pro Overheating Concerns Highlighted in Two More Reports

Thursday September 28, 2023 6:25 am PDT by
iPhone 15 Pro and Pro Max overheating concerns continue to make headlines this week, with the topic highlighted by The Wall Street Journal and Bloomberg. Both of the reports document anecdotal complaints from customers, and outline potential causes, but it's unclear how many devices are actually affected. Bloomberg said the overheating could be caused or compounded by the iPhone's setup...
iPhone 15 Pro lineup

Apple to Address iPhone 15 Pro Overheating Issue With iOS 17 Update

Saturday September 30, 2023 9:28 am PDT by
Apple plans to release an iOS 17 update to address a bug that may contribute to the reported iPhone 15 Pro and iPhone 15 Pro Max overheating issue, according to a statement the company shared today with MacRumors and Forbes reporter David Phelan. Apple also says some recent updates to third-party apps have overloaded the system and contributed to the overheating issue. The report notes that...
iPhone 15 USB C Port Keynote

Some USB-C Power Banks Fail to Work With iPhone 15

Thursday September 28, 2023 2:06 pm PDT by
Apple added a USB-C port to the iPhone 15 lineup this year, allowing it to work with USB-C cables, USB-C power banks, and more. It turns out that some USB-C battery packs are not working properly with Apple's iPhone 15, resulting in charging issues. As highlighted on Reddit and the MacRumors forums, not all existing USB-C power banks can be used with the iPhone 15 models, perhaps due to the...
iOS 17

Apple Releases iOS 17.0.2 and iPadOS 17.0.2 for All iPhones and iPads

Tuesday September 26, 2023 12:47 pm PDT by
Apple today released iOS 17.0.2 and iPadOS 17.0.2 updates, with the software coming five days after the releases of iOS 17.0.1 and iPadOS 17.0.1. Today's iOS 17.0.2 and iPadOS 17.0.2 updates arrive as build 21A351 and can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Note that iOS 17.0.2 was previously made available for iPhone...