03-23-2012, 12:37 AM #1
Safari Vulnerability discovered in iOS 5.1 - Allows URL Spoofing
MajorSecurity has notified Apple of the issue and it is at the point where it is likely just a matter of time before a patch is available to fix the problem. While Apple works on a fix for the issue, it is probably a good idea to avoid opening untrusted links and think twice about sending personal information to any website that asks for it through Safari on your iOS device.
The security firm also created a sample web page to show the vulnerability in action. If you are interested in checking it out, open the following URL on your iOS device (one with iOS 5.1 installed):
Click the demo at the top of the page and you will see a site that very closely resembles Apple’s official site but is actually hosted by MajorSecurity.
03-23-2012, 12:48 AM #2
Not sure if I completely understand this. I'm on an iPhone 4 iOS 5.0.1 and clicked the link and it showed up like it does in the picture. So does that mean that 5.0.1 has the same security flaw?
Oh and I have to do this sorry but,
03-23-2012, 01:56 AM #6
Did you check the address bar on Safari? I believe that in iOS 5.1 you will see apple.com as the address on the sample. I'm also on 5.0.1 and I see the correct address from MajorSecurity.
03-23-2012, 04:15 AM #8
iPhone 4S, 5.0.1: when I do the demo, if you minimize it you can see it say untitled but has the www.apple.com website below. And the original apple.com will say Apple. Seems like a patch is needed. Nice to know. JailbreakMe would be nicccceee.
03-23-2012, 05:49 AM #9
[QUOTE=smoothcreak;6460257]Not sure if I completely understand this. I'm on an iPhone 4 iOS 5.0.1 and clicked the link and it showed up like it does in the picture. So does that mean that 5.0.1 has the same security flaw?[/QUOTE]
I believe, if I'm reading correctly, the article states that the security flaw is for iOS 5.1. It states that you can test the security flaw by clicking the link if you have iOS 5.1 on your iDevice. That would lead me to believe that 5.1 is the only software with the security issue.
03-23-2012, 06:19 AM #10
Does this mean jailbreakme.com can make a return???
03-23-2012, 10:11 AM #12
If you're ever suspicious, you can touch the address bar and then hit Go on your keyboard. That'll bring you to the real site.
03-23-2012, 10:14 AM #13
iOS 5.0.2 soon...lol
03-23-2012, 11:00 AM #14
I'm on one of my devices with 4.3.3 and Safari is spoofed... Not sure if this is a browser issue... Many servers can spoof your address bar even on desktop. One perfect example is such spoofing as, let's say, GoDaddy does. I have a website I'm hosting on my personal webspace from my local ISP but they can spoof the address bar to only show my domain name.
In any case hope for a fix tweak if one is needed.
03-23-2012, 12:05 PM #15
So could this mean jailbreakme.com makes a return to jailbreak 4S?
03-23-2012, 12:12 PM #16
Doubtful. I've heard these exploits are easily patched by Apple. Besides, this has already been reported to Apple by MajorSecurity so it'll be patched in no time.
03-23-2012, 12:31 PM #17
I concur that this happens in 5.0.1 (tested on my 4S on 5.0.1b) and appears to also occur in 4.x (tested in 4.2.1 on a 3GS.)
The desktop versions of Safari (tested in 5.1.2, 5.0.5, and 4.0.5 Windows, 5.1.4 & 5.13 on Lion), as well as Firefox (tested in various versions from 3.x to 10.x, as well as Mozilla 1.7 and Netscape 9 thru 6), Opera (versions 11 and 10), and Chrome (tested versions 16, 11, 8, and 4) don't appear to have this problem.
Interestingly, Internet Explorer (Windows; tested versions 9, 8, 7, 6, and 5) does have this problem, showing Apple in the address bar, as does Opera versions 7 & 8 (not too surprising as those versions of Opera were attempting to mimic IE's behavior, perhaps a little too closely.)
03-23-2012, 05:51 PM #18
Tried on 5.0.1 yeah I'm fine.