A new vulnerability has been found in Apple’s mobile Safari browser for iOS 5.1. MajorSecurity first discovered the exploit, which would allow a hacker to display a different website URL than what is actually being visited in the browser, potentially leading to phishing attacks.
The vulnerability has been confirmed on Apple devices running iOS 5.0 and up. It’s not clear if earlier versions of iOS exhibit the same symptoms, although you can test for yourself. A demo website has been set up to show a clear example of how this vulnerability can be exploited. Point mobile Safari to this link to see it in action.
Apple acknowledged the problem back on March 3rd, so it’s only a matter of time before we see an update addressing the issue. For now, we recommend you take care before entering any sensitive information into mobile Safari, or use an alternate browser, such as Opera Mini.
[via Your Daily Mac]