The iOS 5.1.1 update released on Monday doesn't just fix a handful of feature bugs—it also patches a security flaw that allowed an attacker to display the URL of one site in Mobile Safari while loading another, potentially tricking users into visiting malicious sites.
MajorSecurity researcher David Vieira-Kurz demonstrated a proof of concept for the flaw in March of this year, which caused a new window to open when clicking a specially crafted link. The new window showed the user that it was loading (for example) Apple's website, but actually loads another page that gave the appearance of loading Apple's site via an iframe. Vieira-Kurz said the vulnerability was related to the way Mobile Safari handles JavaScript's window.open() function, which could be used to trick users into handing passwords or credit card information over to attackers.
The flaw was present in iOS 5.0, 5.0.1, and 5.1, but is fixed in 5.1.1, as highlighted by Kaspersky Lab's ThreatPost blog. In addition to a fix for the URL spoofing flaw, iOS 5.1.1 also patches a vulnerability used by researcher Sergey Glazunov at CanSecWest this year, which could lead to a cross-site scripting attack, as well as one submitted by Adam Barth and Abhishek Arya of the Google Chrome Security Team that could lead to arbitrary code executions.
reader comments
41