Safari exploit that allows URL spoofing discovered in iOS 5.1

Although iOS is considered to be one of the safest mobile operating systems on the market, it’s not perfect. This is something that those of us in the jailbreak community know all too well.

With that in mind, it’s not terribly surprising that another security bug has recently been discovered in Apple’s software. Reports are surfacing today that an exploit has been found inside mobile Safari…

The find comes courtesy of David Vieira-Kurz of Major Security:

“The weakness is caused due to an error within the handling of URLs when using javascript’s method. This can be exploited to potentially trick users into supplying sensitive information to a malicious website, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they’re visiting another website that the displayed web site.”

The team has provided a demonstration of the exploit, which you can replicate on your iOS device. Safari will open a new window with in the URL bar, but you’ll actually be on It’s an iFrame trick.

But trick or not, the bug could spell major problems if it fell into the wrong hands. The good news, however, is that Major Security has already informed Apple of the issue. And the company is said to be working on a fix.