Large iOS Security Threat

An article from MSNBC.


You’re browsing the Internet on your iPhone or iPad when you’re suddenly prompted for some personal information. But you’re no dummy: Before you enter it, you check the URL bar to confirm that you really are on a trusted site. When you’re sure, you type in the information. Careful as you were, you still may have handed sensitive data to a bad guy.

How is that possible when you’re absolutely certain that you’re on a trustworthy website? Because right now you can’t trust the URL bar on your iOS device’s mobile Safari browser, thanks to a security exploit.

The exploit was first discovered by David Vieira-Kurz of MajorSecurity. It affects the mobile Safari browser on iOS 5.1 and has been tested on the iPhone 4, iPhone 4S, second-generation iPad and third-generation iPad. According to Vieira-Kurz, the exploit is possible thanks to an error in how new windows are opened using a JavaScript method:

“This can be exploited to potentially trick users into supplying sensitive information to a malicious website, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another website than the displayed website.”

MajorSecurity has created a demonstration of the exploit. You can check it out by following this link on a device which is running iOS 5.1. After pressing the “demo” button on that website, you will see Safari open a new window which displays “http://www.apple.com” in the URL bar, even though the website you’re viewing is actually hosted on “http://www.majorsecurity.net.”

There’s no fix for the issue right now, but it shouldn’t take long for Apple to patch the exploit. In the meantime, you should be careful about which links you follow.


About geekytechguy

Hello! Thanks for visiting my site/blog. This blog is going to be where the most up-to-date tech news is posted. Gadgets, Gizmos, IT, Technology, Reviews, all posted Here! Please be sure to tell others and check back regularly. We also have a Twitter: GeekyTechGuy!