Address Bar Spoofing in iOS 5.1

Mar 27, 2012

iOS 5.1 is vulnerable to an address bar spoofing attack

David Vieira-Kurz of MajorSecurity has discovered a new way to attack iOS 5.1 based devices: the address bar of Apple WebKit/534.46 can be changed through the JavaScript function "window.open". A remote attacker could use this flaw to change the address bar and so deceive the user by displaying a URL different from that of the page actually being visited; in short, it enables realistic phishing attacks.

Vieira-Kurz has published a proof of concept that demonstrates this flaw: any user who visits the URL http://www.majorsecurity.net/safari-514-ios51-advisory.php with their device will see that the URL shown in the Safari browser is http://www.apple.com.

There is no patch available for this, so it is recommended that you do not visit important URLs with the Safari browser in iOS 5.1 through a link that is not trusted.

Happy Hacking !!!
