Address bar spoofing exploit found for iPhone, iPad Safari in iOS 5.1

iOS 5.1 Exploit With the amount of iOS devices out there in the world these days, the amount of individuals looking to exploit Apple's offerings is growing.

A new security vulnerability has now been exposed pertaining to how Apple's Safari web browser handles site names entered into the address bar. The exploit, discovered by David Vieira-Kurz of MajorSecurity, involves spoofing (faking) the name of the site the user thinks they are going to in Safari while secretly redirecting them to a different, potentially malicious website without their knowledge.

The vulnerability has been reproduced on every device running iOS 5.1 including the iPhone 4, iPhone 4S, iPad 2 ,and the new iPad. Given the reproducible results, the Dutch Ministry of Security and Justice has issued a warning.

A proof of concept has been provided by Vieira-Kurz and the results have been acknowledged by Apple as far back as March 3rd. That said; it stands to reason that an update from Apple is being worked on to close the hole.

If you're looking to test out the proof of concept yourself, you can visit the Vieira-Kurz website in the source link below. If you test it, you can see how simply pushing the demo button will load a new site but the address bar would have you believe it's still apple.com.

Until an update is pushed from Apple, ensure you do not go clicking on any random links you don't trust and also avoid offering up any personal details on sites you're not 100% sure about. When it doubt, type in the address yourself rather than clicking a link to better make sure you're going to the right place. These common safety measurements for the internet, but certainly worth repeating with this new found exploit now known to the masses.

Source: The Next Web; Via - Vieira-Kurz

Have something to say about this story? Share your comments below! Need help with something else? Submit your question!

Chris Parsons

Editor-at-Large at Mobile Nations, gadget junkie, energy drinker, ranter.

More Posts

 

4
loading...
0
loading...
97
loading...
0
loading...

← Previously

How to send video, games, FaceTime and more from your new iPad to your TV with AirPlay

Next up →

Seidio Spring-Clip Holster for iPhone 4S and iPhone 4 only $17.95 [Daily deal]

Reader comments

Address bar spoofing exploit found for iPhone, iPad Safari in iOS 5.1

21 Comments

This is truly a scary exploit! I relay heavily on what the safari browser address bar tells me. At least I used to!
Scary shyt

Thankfully, if you follow the proof of concept, you can see how the put text above the page and framed in the apple site. If you hit reload, what is actually in the address bar it will refresh to the real site. Still scary but at least if you are concerned, you just have to hit refresh.

Look for the green lock for secure sites. This tells you that the website is real. It's a feature of most modern browsers.

Hello, I enjoy your weblog. Is there something I can do to get updates like a subscription or something? I'm sorry I am not familiar with RSS?

dear imore,
the word "amount" is for things you can't count -- like air, sugar, and gas. for things you can count, the word is "number."
so, it's "the number of iOS devices" and "the number of individuals..." :-)

And amount is for money, which also can't be counted. :) A better way to phrase the rule is that "amount" is for things that properly go with the question "how much?" and "number" is for things that go with "How many?"

Ahhh, Countable and uncountable
Fewer android devices were sold than iPhones. (That's right! FEWER not Less)
I enjoy android less than IOS.

Hmm it appears like your internet site ate my 1st comment (it was super long) so I guess I'll just sum it up what I had written and say, I'm thoroughly enjoying your weblog. I as effectively am an aspiring weblog blogger but I'm still new to everything. Do you have any points for novice blog writers? I'd surely appreciate it.

Die Gesetze stammen nicht von einem Gott, sondern allesamt von Menschen. Und zwar (wen wundert's) nicht etwa von Intellektuellen und Philosophen jener Zeit, sondern von archaisch lebenden, primitiven Ziegenhirten, die ihr ganzes Leben lang nie eine Schule von innen gesehen hatten. Ausserdem ist das alte Testament zwischen ca. 3'000 und 4'500 Jahren alt. Kein Wunder, das die Menschen damals noch ziemlich anders drauf waren. Immerhin sprechen wir hier von der Hälfte der Zeit, die seit der Steinzeit vergangen ist (die Jungsteinzeit ging noch bis etwa 8'000 Jahre v.Chr.). Und in dieser Zeit hat sich gerade im nahen Osten kulturell nicht allzu viel getan. Die meisten Menschen lebten nach wie vor als Nomaden. Ihr Leben war geprägt von harter Arbeit, Krieg, Gewalt und manchmal auch Hunger und Elend. Diese Eindrücke und Erlebnisse flossen dann natürlich sehr stark in ihre Schriften ein. Die Bibel kann deshalb nicht als ein gesammeltes Gesetzeswerk angesehen werden, sondern höchstens als eine Art Tagebuch einer lang vergangenen Gesellschaft.Und übrigens stimmt es nicht, dass das neue Testament frei von Gewalt sei. Wenn man bloss etwas sucht, findet man diese durchaus auch dort. Hier drei Beispiele:- Matthäus 10;34: „Ihr sollt nicht wähnen (=fälschlich annehmen), daß ich gekommen sei, Frieden zu senden auf die Erde. Ich bin nicht gekommen, Frieden zu senden, sondern das Schwert."und weiter geht es: "Denn ich bin gekommen, den Menschen zu entzweien mit seinem Vater und die Tochter mit ihrer Mutter und die Schwiegertochter mit ihrer Schwiegermutter. Und des Menschen Feinde werden seine eigenen Hausgenossen sein."- Lukas 14;26: "Wenn einer zu mir kommt und haßt nicht seinen Vater, seine Mutter, sein Weib, seine Kinder, seine Brüder und Schwestern kann er nicht mein Jünger sein."- Matthäus 18;8: "Wenn aber deine Hand dir Anlass zur Sünde gibt (damit ist wohl Selbstbefriedigung gemeint), so hau ihn ab und wirf ihn von dir! Es ist besser für dich, lahm oder als Krüppel in das Leben hineinzugehen, als mit zwei Händen in das ewige Feuer geworfen zu werden. Und wenn dein Auge dir Anlass zur Sünde gibt, so reiß es aus und wirf es von dir! Es ist besser für dich, einäugig in das Leben hineinzugehen, als mit zwei Augen in die Hölle des Feuers geworfen zu werden.

I'm really inspired along with your writing abilities as neatly as with the layout in your blog. Is this a paid subject or did you customize it yourself? Either way keep up the excellent high quality writing, it is uncommon to look a nice weblog like this one nowadays..

Must be the restriction of the blogsite to automatically change words too long into LongTerm . So the actual registry location is as below broken into 2 lines. Just copy them and join them in Notepad into one line

Nice article. last thirty times I uncovered this online internet internet site and desired to permit you be conscious that i've been gratified, heading by way of your site's posts. I should undoubtedly be signing just as as a whole lot since the RSS feed and should undoubtedly wait around for yet another post. best Regards, Mateus

WTF, This man is a physicist and is takilng on international affairs. he is also against the nuclear proograme of pakistan. how can a physicist even dare to comment on these issues? and these stupid anchors invite such non relevant people to these programes. they even asked the view of shahid afridi on drone attacks. hhhaaaaa, what the hell. he seems a CIA agent to me. ..