Apple has fixed the vulnerability that David Vieira-Kurz of MajorSecurity had discovered last month, which could be exploited to spoof URLs in the address bar.
Malicious websites could make use of the
vulnerability to spoof their domain name to a URL the user might trust,
and ask for sensitive information like login credentials, credit card
numbers etc.
Apple has given David Vieira-Kurz credit for discovering the vulnerability in the support document that provides details about the security issues that have been fixed in iOS 5.1.1, which was released by Apple few hours back.
Safari
Impact: A maliciously crafted website may be able to spoof the address in the location bar
Description: A
URL spoofing issue existed in Safari. This could be used in a malicious
web site to direct the user to a spoofed site that visually appeared to
be a legitimate domain. This issue is addressed through improved URL
handling. This issue does not affect OS X systems.
In addition to the Safari vulnerability, Apple has also fixed two WebKit related vulnerabilities in iOS 5.1.1.
[via Cult of Mac]
0 Comment
Post a Comment