iOS Safari: Address spoofing vulnerability
The research demonstrated the vulnerability at majorsecurity.net/html5/ios51-demo.html – a “Demo” button opens a new page that loads in apple.com borderless iframe and also displays apple.com in the addressbar, but the page itself has originated from majorsecurity.net. Fraudsters could use the vulnerability for phishing attacks by sending users to pages which appear to be their bank and asking for account data.
- Safari: Closes Security Holes with version 5.1.4 (netsecurityit.wordpress.com)
- Apple: New iOS Release Addresses Multiple Vulnerabilities (netsecurityit.wordpress.com)
- Danish firm outlines two unpatched Safari vulnerabilities (reviews.cnet.com)