Apple’s iOS 5.1.1 update fixes serious URL-spoofing security flaw in Safari

This is a discussion on Apple’s iOS 5.1.1 update fixes serious URL-spoofing security flaw in Safari within the iPhone News forums, part of the Apple News category; We told you about Apple’s iOS update today and that it fixed some playback issues for AirPlay, but the big news here is that the ...

Results 1 to 1 of 1
  1. #1
    Administrator
    Join Date
    Jul 2011
    Location
    Northern Michigan
    Posts
    25,446
    Member #
    1529
    Liked
    316 times

    Apple’s iOS 5.1.1 update fixes serious URL-spoofing security flaw in Safari

    We told you about Apple’s iOS update today and that it fixed some playback issues for AirPlay, but the big news here is that the company has fixed a pretty serious vulnerability that we told you about in March.

    The affected devices were iPhone 4, 4S, iPad 2 and new iPad, and this is what was happening:

    It was discovered by David Vieira-Kurz of MajorSecurity and the associated advisory details an error in how Safari handles the JavaScript window.open() method (which opens a new browser window). This could potentially be used to “trick users into supplying sensitive information to a malicious web site.”

    The security issues that were fixed were outlined by Apple today along with its release of iOS 5.1.1:

    Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2

    Impact: A maliciously crafted website may be able to spoof the address in the location bar

    Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

    At that time we suggested that you be careful about tapping links from sources that you weren’t familiar with. It looks like Apple has fixed the problem, but always be cautious as you surf around the interwebs. Also, don’t skip updates.


    5-26-12

    Source

  2. Ads

    Posts
    Many

Remove Ads

Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Replies: 0
    Last Post: 05-15-2012, 07:47 PM
  2. Replies: 0
    Last Post: 04-06-2012, 08:20 PM
  3. Safari vulnerability in iOS 5.1 allows URL spoofing
    By sparkyscott21 in forum Apple Forums Member News Depot
    Replies: 0
    Last Post: 03-22-2012, 06:15 PM
  4. Apple seeds Safari 5.1.4 to devs. fixes for plug-ins, zooming using gestures
    By sparkyscott21 in forum Apple Forums Member News Depot
    Replies: 0
    Last Post: 02-02-2012, 02:15 PM
  5. Apple Releases Safari 5.1.2 with 'White Flash' and PDF Viewing Fixes
    By sparkyscott21 in forum Apple Discussions
    Replies: 2
    Last Post: 11-30-2011, 04:10 PM

Contact Us
Back to top