Safari exploit that allows URL spoofing discovered in iOS 5.1

By , Mar 22, 2012

Although iOS is considered to be one of the safest mobile operating systems on the market, it’s not perfect. This is something that those of us in the jailbreak community know all too well.

With that in mind, it’s not terribly surprising that another security bug has recently been discovered in Apple’s software. Reports are surfacing today that an exploit has been found inside mobile Safari…

The find comes courtesy of David Vieira-Kurz of Major Security:

“The weakness is caused due to an error within the handling of URLs when using javascript’s window.open() method. This can be exploited to potentially trick users into supplying sensitive information to a malicious website, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another website than the displayed web site.”

The team has provided a demonstration of the exploit, which you can replicate on your iOS device by clicking here. Safari will open a new window with Apple.com in the URL bar, but you’ll actually be on majorsecurity.net. It’s an iFrame trick.

But trick or not, the bug could spell major problems if it fell into the wrong hands. The good news, however, is that Major Security has already informed Apple of the issue. And the company is said to be working on a fix.

[TheNextWeb]

  • http://twitter.com/AliHamze98 Ali Hamze

    Also happens on my iPhone 4S iOS 5.0.1

  • Anonymous

    Good thing us jailbreakers are fine

    • http://wpleet.com WordPress Elite

      How can you say we are fine?

    • http://twitter.com/Infinitypark003 Dustin

      Explain? Even if you’re jailbroken on iOS 5.1 the URL Spoofing still exists. If someone can patch this through a Cydia Tweak w/o updating to the new Firmware that Apple is planning, then that would be nice.

      • http://adam.hbang.ws/ Adam D

        A patch would probably require knowledge of how Apple’s proprietary Nitro javascript engine works, which isn’t easy.

        Ad@m

      • http://twitter.com/MattGregg97 Matt

        What’s the point of a patch if this can’t be used to create an exploit

      • http://adam.hbang.ws/ Adam D

        @Matt a website could tell you to go to your bank’s website, which looks real because the address bar has your bank’s URL instead of the scammer’s URL.

        Ad@m

    • http://twitter.com/sivkai Siv

      I think he means that, with jailbroken devices, we will easily be able to install a patch via Cydia.

    • Daniel

      We’re not fine. We’ll probably get the problem fixed earlier, but for now we’re no safer than a stock iDevice.

  • http://pulse.yahoo.com/_VZGXZIFDOHJ2NVMDRXYHUA4QXE JORGE A.

    so this could lead to a potential untethered jailbreak for iOS 5.1?

    • Anonymous

      Yes and no… I guess it might be possible if you are the world’s greatest genius. Otherwise, how would it be possible to jailbreak a device through Safari by URL Spoofing?

  • Anonymous

    Thanks for the demo and the heads up!!!!

    iDB ROCKS!!!! Keeping us users informed!!! :-)

    Thanks also to the real hero, David Vieira-Kurz with Major Security.

  • http://www.facebook.com/djfrek Frék Hannickel

    hummm maybe a new exploit for JailbreakMe.com

    • http://twitter.com/x_rus_x Vitaliy Anonymous

      not every bug is considered a vulnerability (which is used to exploit systems)

    • http://twitter.com/So_Apropos Austin Lear

      No, not likely in the least this isn’t anything that’ll allow a payload to be deployed or to cause a kernel panic, this is extremely low level and only tricks safari into displaying something. Nothing to do with a jailbreak in the least.

    • Daniel

      Nope, not even close. All this does is allow you to make a website look like it’s another website, to use it for a jailbreak it would need to cause the kernel to panic or an error like a kernel panic.

    • Anonymous

      I guess it might be possible if you are the world’s greatest genius. Otherwise, how would it be possible to jailbreak a device through Safari by URL Spoofing?

  • Anonymous

    This was set up as an example. Once you’re on the page click the link on top of the page. It will change the URL to say you’re on Apple’s website and make it look like you’re there

  • http://twitter.com/iKrill Antonio

    Present on iOS 5.0.1

  • Mordechai Eliyahu

    this is only useful for phishing

    • Anonymous

      Only? That’s a pretty big only.

      • Mordechai Eliyahu

        lol true actually you can also create a way to remote access to the person’s phone and see all the info so ya it kinda sucks damn you Apple you got all this $ and you can’t even put a good security on the iPhones …… hire a few good hackers and their job will be just to hack the iPhones and all other iOS devices make sure we get what we pay for

      • Daniel

        No system is completely secure. Sorry, a completely secure system just doesn’t exist.

  • Leo Sack

    It also works on 10.8 beta 1

    • Anonymous

      That means it’s probably an AppleWebkit issue.