iOS 5.1 bug allows for address bar spoofing in Safari – users beware


Phishing is a type of scam where someone tries to get you to give them your personal info (like passwords) by pretending to be a trustworthy source. The general rule is that if you’re following links, you should check the address bar of your browser before logging in anywhere, to make sure that you’re actually on the site that you think you’re on and not a copy that is being hosted on an address that looks like it (like faecbook instead of facebook or something like that).

Now someone at a company called MajorSecurity has discovered a major bug in the way that Safari on iOS 5.1 opens links using JavaScript. The bug allows address bar spoofing, meaning that the address bar can be made to show a different URL than the one you’re actually at. That way it could show even if you’re somewhere completely different. This means that one of the most basic ways of avoiding phishing scams no longer works on the iPad, and that’s a big deal.

Apple has been notified of the issue and will hopefully release a fix soon. In the meantime, it’s recommended that users avoid following links blindly while using the iPad. This won’t suddenly make a link in your online banking system go somewhere else, but if you’re on an unknown web page or getting a link in an email, you should be careful.

[MajorSecurity via TheNextWeb]


Andreas Ødegård

Andreas Ødegård is more interested in aftermarket (and user created) software and hardware than chasing the latest gadgets. His day job as a teacher keeps him interested in education tech and takes up most of his time.
