If you own a device running iOS 5.1 or plan to update to the latest iOS version, nothing can prepare you for the next few words I’m about to speak: there’s a chance you have visited malicious websites without knowing it. The vulnerability was discovered in Safari and allows a malicious website to display a URL different from that of the website you’re actually visiting.
To put things in perspective, malicious websites don’t pose any direct threat to your iOS device even if they contain viruses or Trojans. As we all know, smartphones and tablets aren’t vulnerable to them the way computers are. They do, however, pose a greater threat to users with their ability to access sensitive information. iOS 5.1, the latest version, allows these harmful websites to exploit Safari and display a fake URL.
The vulnerability was discovered less than a week ago by David Vieira-Kurz of MajorSecurity, who explained that it tricks people into typing sensitive information. To demonstrate how it works, the German security firm prepared this link. If you view the attached link using a secure browser and click “demo,” you will be informed that the website is being “spoofed” and the correct URL will be displayed. But if you do the same using a device on iOS 5.1, Safari will show that you are on Apple’s official website and will not warn you about the fake URL. Because you can’t tell the difference between trusted and malicious websites, you could end up logging into sites you thought were Facebook, Twitter, or Gmail and expose sensitive information like your credit card number.
Days after iOS 5.1 was released, users were blindsided by a major security glitch which granted unsecured access to their device. The bug allowed strangers to bypass the security lock via the camera shortcut. But this new vulnerability on Safari is far more serious and lets cybercriminals exploit sensitive data.
Despite these bugs, 80 percent of eligible devices were updated to iOS 5.1 fifteen days after its release. If you plan to update your iPhone, iPad, or iPod Touch to Apple’s latest software, we recommend that you be careful when clicking links. Apple is aware of this vulnerability and will most likely include a fix in the next update. Hang on.