The bug was first discovered back in October by hacker Andrew Plotkin, and was recently brought to light again by AppleInsider. The site spoke with Peter Eckersley of the digital rights group EFF, who described the issue as a “serious privacy and security vulnerability.”
“It is a security issue, it is a privacy issue, and it is a trust issue,” Eckersley said. “Can you trust the UI to do what you told it to do? It’s certainly a bug that needs to be fixed urgently.”
But Lysa Myers of Intego, a security firm, doesn’t think it’s quite that serious: “while this issue is certainly not an ideal situation, by itself it actually isn’t that large a problem.” She notes, though, that she’ll continue to monitor it to make sure it doesn’t become more exploitable.
If you want to see the bug firsthand, follow these steps on your iOS device:
- For starters, close all the way out of Safari and open the Settings app.
- Now, re-open Safari and visit a website that has a Smart App Banner.
- Finally, close down Safari and revisit the Safari Security section in the Settings app.