A vulnerability has been found in iOS Safari after the new 5.1 update. The bug can be used to trick Safari into showing a URL in the address bar that’s different from the site actually being visited.
The problem has been tested and confirmed on the iPhone 4, iPhone 4S, iPad 2, and the new iPad when they’re running iOS 5.1. Apple acknowledged the bug on March 3, so I’m sure an update with a bug fix is imminent. But until then, keep these tips in mind when browsing on Safari:
- Don’t open links from sites you aren’t 100% sure you can trust.
- If you aren’t sure about a link, hop on to a computer and check it out there. If the address bar is being spoofed, it will probably say “about:blank” on the computer, while on your iOS device it shows the name of a trusted site.
- Go to TheNextWeb and try out the demo offered by David Vieira-Kurz from MajorSecurity. He reproduced the bug. Firsthand knowledge is always useful in protecting against security exploits (in a controlled environment, of course, like this demo).