• Safari Vulnerability discovered in iOS 5.1 - Allows URL Spoofing

    by
    Akshay Masand
    Published on 2012-03-23 07:38 AM
    17 Comments Comments


    If you are using an iPad, iPhone, or iPod Touch running Safari on iOS 5.1, than you should be cautious of a security issue that involves address bar spoofing. The issue was discovered by David Vieira-Kurz of MajorSecurity, and involves “an error within the handling of URLs when using javascript’s window open() method.” This can be exploited by malicious sites to display custom URLs, potentially fooling users into supplying personal information to a malicious website (since the Safari address bar can display a totally different address than the website that is actually being displayed.

    MajorSecurity has notified Apple of the issue and it is at the point where it is likely just a matter of time before a patch is available to fix the problem. While Apple works on a fix for the issue, it is probably a good idea to avoid opening untrusted links and think twice about sending personal information to any website that asks for it through Safari on your iOS device.

    The security firm also created a sample web page to show the vulnerability in action. If you are interested in checking it out, open the following URL on your iOS device (one with iOS 5.1 installed):


    Click the demo at the top of the page and you will see a site that very closely resembles Apple’s official site but is actually hosted by MajorSecurity.

    Source: TheNextWeb
    This article was originally published in forum thread: Safari Vulnerability discovered in iOS 5.1 - Allows URL Spoofing started by Akshay Masand View original post
    1. Categories:
    2. iPhone,
    3. iOS,
    4. Apple,
    5. iPad
    Comments 17 Comments
    1. smoothcreak's Avatar
      smoothcreak - 2012-03-23, 07:48 AM
      Not sure if I completely understand this. I'm on an iPhone 4 iOS 5.0.1 and clicked the linked and it showed up like it does in the picture. So does that mean that 5.0.1 has the same security flaw?

      Oh and I have to do this sorry but,
      FIRST!!!
    1. docmagoo2's Avatar
      docmagoo2 - 2012-03-23, 08:14 AM
      Quote Originally Posted by smoothcreak View Post
      Not sure if I completely understand this. I'm on an iPhone 4 iOS 5.0.1 and clicked the linked and it showed up like it does in the picture. So does that mean that 5.0.1 has the same security flaw?
      Was just about to ask the same the same thing. Minus the puerile part at the end ;p
    1. rayzeur22's Avatar
      rayzeur22 - 2012-03-23, 08:17 AM
      Quote Originally Posted by smoothcreak View Post
      Not sure if I completely understand this. I'm on an iPhone 4 iOS 5.0.1 and clicked the linked and it showed up like it does in the picture. So does that mean that 5.0.1 has the same security flaw?

      Oh and I have to do this sorry but,
      FIRST!!!
      Chances are, every version of iOS (or iPhone OS) have this flaw, so your phone has this vulnerability. However, just like how iOS 4.0 patched the PDF exploit, there will most likely be a jb tweak released to patch this problem without having to update.
    1. Cer0's Avatar
      Cer0 - 2012-03-23, 08:35 AM
      Quote Originally Posted by rayzeur22 View Post
      Chances are, every version of iOS (or iPhone OS) have this flaw, so your phone has this vulnerability. However, just like how iOS 4.0 patched the PDF exploit, there will most likely be a jb tweak released to patch this problem without having to update.
      And before Apple addresses it too.
    1. emer_cvt's Avatar
      emer_cvt - 2012-03-23, 08:56 AM
      Did you check the address bar on safari? I believe that in ios5.1 you will see apple.com as the address on the sample. Im also on 5.0.1 and i see the correct address from majorsecurity
    1. docmagoo2's Avatar
      docmagoo2 - 2012-03-23, 09:16 AM
      Quote Originally Posted by emer_cvt View Post
      Did you check the address bar on safari? I believe that in ios5.1 you will see apple.com as the address on the sample. Im also on 5.0.1 and i see the correct address from majorsecurity
      Did you hit the demo button at the top? It reloads the web page as if it's from apple but states at the top
      Still hosted by major security
    1. Eonhpi's Avatar
      Eonhpi - 2012-03-23, 11:15 AM
      iPhone 4s 5.0.1 when I do the demo if you minimize it u can see it say untitled but has the www.apple.com website below . And original apple.com will say apple .Seems like a patch is needed .nice to know .jailbreakme would be nicccceee .
    1. matt200569's Avatar
      matt200569 - 2012-03-23, 12:49 PM
      [QUOTE=smoothcreak;6460257]Not sure if I completely understand this. I'm on an iPhone 4 iOS 5.0.1 and clicked the linked and it showed up like it does in the picture. So does that mean that 5.0.1 has the same security flaw?

      I believe if im reading correctly the article states that the security flaw is for ios 5.1. It states that you can test the security flaw by clicking the link if you have ios 5.1 on your idevice. That would lead me to believe that 5.1 is the only software with the security issue.
    1. patoons's Avatar
      patoons - 2012-03-23, 01:19 PM
      does this mean jailbreakme.com can make a return???
    1. idkanymore's Avatar
      idkanymore - 2012-03-23, 04:52 PM
      Quote Originally Posted by rayzeur22 View Post
      Chances are, every version of iOS (or iPhone OS) have this flaw, so your phone has this vulnerability. However, just like how iOS 4.0 patched the PDF exploit, there will most likely be a jb tweak released to patch this problem without having to update.

      Another reason to jailbreak!
    1. Channan's Avatar
      Channan - 2012-03-23, 05:11 PM
      If you're ever suspicious, you can touch the address bar and then hit Go on your keyboard. That'll bring you to the real site.
    1. celeron's Avatar
      celeron - 2012-03-23, 05:14 PM
      iOS 5.0.2 soon...lol
    1. hadzo's Avatar
      hadzo - 2012-03-23, 06:00 PM
      I'm on one of my devices with 4.3.3 and safari is spoofed... Not sure if this is a browser issue... Many servers can spoof your address bar even on desktop. One perfect example is such spoofing as let's say godaddy does. I have a website I'm hosting on my personal webspace from local ISP but they can spoof address bar to only show my domain name.

      In any case hope for a fix tweak if one is needed.
    1. patoons's Avatar
      patoons - 2012-03-23, 07:05 PM
      so could this mean jailbreakme.com makes a return to jailbreak 4S?
    1. celeron's Avatar
      celeron - 2012-03-23, 07:12 PM
      Doubtful. I've heard these exploits are easily patched by Apple. Besides, this has already been reported to Apple by MajorSecurity so it'll be patched in no time.
    1. szr's Avatar
      szr - 2012-03-23, 07:31 PM
      I concur that this happens in 5.0.1 (tested on my 4S on 5.0.1b) and appears to also occur in 4.x (tested in 4.2.1 on a 3GS.)

      The desktop versions of Safari (tested in 5.1.2, 5.0.5, and 4.0.5 Windows, 5.1.4 & 5.13 on Lion), as well as Firefox (tested in various versions from 3.x to 10.x, as well as Mozilla 1.7 and Netscape 9 thru 6) , Opera (versions 11, and 10), and Chrome (tested versions 16, 11, 8, and 4) don't appear to have this problem.

      Interestingly, Internet Explorer (Windows; tested versions 9, 8, 7, 6, and 5) does have this problem, showing Apple in the address bar, as does Opera versions 7 & 8 (not too surprising as those versions of Opera were attempting to mimic IE's behavior, perhaps a little too closely.)
    1. teej1410's Avatar
      teej1410 - 2012-03-24, 12:51 AM
      Tried on 5.0.1 yeah I'm fine.

  • Connect With Us

  • Discord

    Join our Discord

  • Twitter Box

  • Facebook