Address Bar Spoofing in iOS 5.1


iOS 5.1 is vulnerable to an address bar spoofing attack

David Viera-Kurtz of MajorSecurity has discovered a new way to attack iOS 5.1 devices: the address bar of Apple WebKit/534.46 can be changed through the JavaScript function “window.open”. A remote attacker could use this flaw to change the address bar and so deceive the user by displaying a URL different from that of the page actually being visited. In short, it makes realistic phishing attacks possible.

Viera-Kurtz has published a proof of concept that demonstrates this flaw: any user who visits the URL http://www.majorsecurity.net/safari-514-ios51-advisory.php with their device will see that the URL shown in the Safari browser is http://www.apple.com.

There is no patch available for this, so it is recommended that you do not visit important URLs with the Safari browser in iOS 5.1 through a link that is not trusted.

Happy Hacking !!!
