iOS 5.1 is vulnerable to an Address Bar Spoofing attack
David Vieira-Kurz of MajorSecurity has discovered a new way to attack iOS 5.1 based devices: the address bar of Apple WebKit/534.46 can be changed through the JavaScript function “window.open”. A remote attacker could use this flaw to change the address bar and so deceive the user by displaying a URL different from the page actually being visited; in short, it enables realistic phishing attacks.
Vieira-Kurz has published a proof of concept that demonstrates the flaw: any user who visits http://www.majorsecurity.net/safari-514-ios51-advisory.php with their device will see that the URL shown in the Safari browser is http://www.apple.com.
There is no patch available for this, so it is recommended that you do not visit important URLs with the Safari browser in iOS 5.1 through a link that is not trusted.
Happy Hacking !!!
- Marcos Ortiz Valmaseda
- Data Engineer (UCI)
- Linkedin’s profile
- @marcosluis2186
- Big fan of Big Data, NoSQL and PostgreSQL