While iOS 5.1 might be a welcome update for iOS users, it seems that the update has also opened up a possible vulnerability on the iOS version of Safari where it could be exploited to display a different URL to that of the actual website you are browsing, which could be used by malicious websites to trick you into providing sensitive information. This was discovered by David Vieira-Kurz of MajorSecurity who revealed that this exploit could be taken advantage of due to the way Safari handles the JavaScript "window.open()" method, a method which is commonly used to open up new windows on the mobile browser.
Ubergizmo, Spoofing exploit discovered in Safari for iOS
No comments:
Post a Comment