Address Bar Security Issue Found in iOS 5.1 Safari

by

A security firm has discovered a security issue in the iOS 5.1 version of MobileSafari, the most recent version of the operating system that runs on millions of Apple mobile devices. The behavior was discovered and detailed by David Vieira-Kurz of MajorSecurity.net.

The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site.

addressbarvul
To test it out, visit this demo page on an iPhone, iPod Touch or iPad running iOS 5.1. Click the 'Demo' button and MobileSafari will open a new window displaying "www.apple.com" in the address bar, though it's actually loading a page from MajorSecurity.net.

The security firm does note that Apple was informed of the vulnerability three weeks ago, and it is only being made public today. Apple acknowledged the bug and should be pushing a fix soon.

Popular Stories

iOS 18

iOS 18.4 Coming Next Week With These New Features for Your iPhone

Friday February 14, 2025 6:18 am PST by
The first iOS 18.4 beta for iPhones should be just around the corner, and the update is expected to include many new features and changes. Bloomberg's Mark Gurman expects the iOS 18.4 beta to be released by next week. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri is expected to get several enhancements powered by Apple Intelligence on iOS...
Read Full Article
iPhone 17 Roundup Feature 2

iPhone Design to Change 'Significantly' This Year

Monday February 17, 2025 7:09 am PST by
Apple is set to "significantly change" the iPhone's design language later this year, according to a Weibo leaker. In a new post, the user known "Digital Chat Station" said that the iPhone's design is "starting to change significantly" this year. The "iPhone 17 Air" reportedly features a "horizontal, bar-shaped" design on the rear, likely referring to an elongated camera bump. On the other...
Read Full Article238 comments
apple launch feb 2025 alt

What to Expect From the 'Apple Launch' Next Week

Thursday February 13, 2025 11:48 am PST by
Apple has yet to announce any new devices this year, but that could change starting next week. Apple CEO Tim Cook today said to "get ready" for a "launch" on Wednesday, February 19. "Get ready to meet the newest member of the family," said Cook, in a social media post. The post includes an #AppleLaunch hashtag, along with a short video featuring an animated Apple logo inside of a circle....
Read Full Article83 comments
Apple Maps 2024

Apple Maps Might Start Showing Ads

Sunday February 16, 2025 7:22 am PST by
Apple is "exploring" the idea of showing search ads in the Apple Maps app, according to Bloomberg's Mark Gurman. Back in 2022, Gurman said software engineering was "already underway" to display ads in the Apple Maps app, but Apple did not move forward with the idea at the time. Today, he said Apple is "giving this notion more thought" again. This time around, he said Apple has yet to...
Read Full Article441 comments
Tim Cook Apple Park

10+ Announcements Apple Could Have Rolled Into a February Event

Saturday February 15, 2025 8:00 am PST by
Apple appears to have enough upcoming product announcements to justify a full event this month, yet all signs indicate these reveals will be handled through a series of press releases instead. There are a multitude of rumors from reliable sources about specific announcements in the coming weeks, so here's everything that Apple could have feasibly included in a hypothetical February event: ...
Read Full Article93 comments
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro With All-New Camera Bar Design Allegedly Revealed

Thursday February 13, 2025 5:49 pm PST by
Apple's next-generation iPhone 17 Pro will feature three rear cameras arranged in a familiar triangular layout, but the cameras will be housed in an all-new rectangular camera bar with rounded corners, according to YouTube channel Front Page Tech. iPhone 17 Pro camera design render created by Asher for Front Page Tech In a video uploaded today, Front Page Tech host Jon Prosser said the camera ...
Read Full Article273 comments
m2 pro mac mini

Apple is Now Selling a Refurbished Mac Mini for Just $319 (!)

Saturday February 15, 2025 9:58 am PST by
A few days ago, we reported that Apple's refurbished Mac mini pricing had a problem, and it appears that Apple has taken note. Apple was offering a refurbished Mac mini with the M2 chip, 16GB of RAM, and 256GB of storage for $559, which was $50 more than a refurbished Mac mini with the M4 chip, 16GB of RAM, and 256GB of storage. All other key specifications were equal. That's no longer...
Read Full Article166 comments
iPhone SE 4 Thumb 1

Apple's Next iPhone SE Launching on Wednesday - Here's What We Know

Friday February 14, 2025 4:04 pm PST by
Apple CEO Tim Cook teased an Apple announcement that's coming on Wednesday, February 19, and it's looking like that mystery announcement will be the next-generation iPhone SE. We've been hearing about the iPhone SE 4 for quite some time now, and we essentially know everything to expect. If you want a sneak peek at what's coming, read on. Naming Apple first introduced the iPhone SE in...
Read Full Article171 comments

Top Rated Comments

soco Avatar
soco
169 months ago
Apple are getting a little slack:

1. Hot iPads
2. Wifi Issues On New iPad
3. Safari On Retina Ipad's not actually pulling the fullres wallpaper / images
4. Security issues within 5.1

Apple. You have a B- you can and should be doing a lot better than this!!
Sorry to break it to you, and I loved the man, but he passed away back in October. It's Tim & Co.'s company now and they, despite misinformation to the contrary, are having just as many (read: few) real issues as they did when Steve was around.
Score: 14 Votes (Like | Disagree)
doboy Avatar
doboy
169 months ago
Public Announcement:

ALWAYS enter the URL manually or use your own bookmark for ANYTHING remotely important. This also means DO NOT click on the links in your email from financial institutions, PayPal, etc.
Score: 10 Votes (Like | Disagree)
soco Avatar
soco
169 months ago
And just like that, the 5.1 Jailbreak was delayed another month. :(
Score: 9 Votes (Like | Disagree)
Small White Car Avatar
Small White Car
169 months ago
That's a pretty good trick.

I mean, usually these things are like "if you download pirated software AND give it your password AND..."

But this one's pretty good. That, like, just worked.
Score: 6 Votes (Like | Disagree)
RVdave Avatar
RVdave
169 months ago
"Settings> Safari> Javascript > Off"

Thanks Porco. An easy fix until the next update.
Score: 5 Votes (Like | Disagree)
Hyper-X Avatar
Hyper-X
169 months ago
Approximately 100% of iOS users use Safari.

And how is it the worst? It's the best for Mac (idk about Windows). Even if you were going to say it was worse than FireFox or something, Internet Explorer is undoubtedly the worst on any OS.
I typed that comment on iOS and it wasn't on Safari but rather iCab. In fact my MacBook doesn't use Safari by default. I understand why iOS and Mac users use Safari because it comes with it by default, the same reason why there's so many IE users on Windows. My Windows computers have never seen Safari installed in a very long time.

For a Mac I'd argue that Chrome is superior but that's not to say it's the perfect browser either. Firefox is too intrusive with all the warning messages like Vista and really relies on 100% user input to make decisions. IE9 has come a long way, it's actually one of the fastest and safest browsers to be used on Windows machines.

For mijail, yes I'm aware of that it's about Mobile Safari however Safari in itself is very late to the game, they introduced sandboxing years after Google's been doing it with Chrome. There's a lot of great extensions and plugins for Chrome and Firefox but Safari's seriously lacking compared to the other 2.
Score: 4 Votes (Like | Disagree)
Read All Comments