iOS 5.1 Vulnerable To Safari Address Bar Bug

Flaw allows websites to display fake addresses in the URL bar.

Get the WebProNews Newsletter:

iOS 5.1 Vulnerable To Safari Address Bar Bug
[ Technology]

The Safari browser in the latest version of iOS has a bug that allows a website to display a false address in the URL bar, according to a recent report. The bug is actually present in all three major releases of iOS 5: iOS 5.0, 5.0.1, and 5.1.

The bug was discovered by David Vieira-Kurz of MajorSecurity, who first identified the problem in iOS 5.0. He was later able to reproduce it in iOS 5.0.1, and in 5.1. According to his report, the vulnerability was originally discovered on March 1st. On March 2nd Apple was informed of the problem, and on March 3rd they responded. Vieira-Kurz’s report was published on Tuesday, March 22nd.

Vieira-Kurz included instructions for duplicating the issue in the report. Check it out below on an iPhone 4S running iOS 5.0.1. The first shows the actual URL, pressing the “Demo” button opens the new page showing apple.com in the URL bar:

iOS Safari Bug

iOS Safari Bug

A bug like this presents a potentially significant security threat to users. Historically the best way to identify a phishing scam has been to check the URL. For example, an email that claims to be from, say, PayPal will advise readers to click a link and input their account information to rectify some problem. Clicking the link would take the reader to a site that looked like PayPal’s site, but had something completely different in the address bar. With this bug in Safari, links like that could not only look like PayPal (or Apple, or your local bank), but display the correct address as well.

As yet there is no solution to the bug. Since Apple is aware of it, you can bet that the next version of iOS will include a fix. In fact, it is entirely possible that a bug like this could be considered severe enough to warrant a quick update to iOS in the next few days. In the meantime, it might be best to exercise a little extra caution when clicking links while on your iOS device.

iOS 5.1 Vulnerable To Safari Address Bar Bug
Comments Off
Top Rated White Papers and Resources

Comments are closed.

  • Join for Access to Our Exclusive Web Tools
  • Sidebar Top
  • Sidebar Middle
  • Sign Up For The Free Newsletter
  • Sidebar Bottom