Well the unthinkable has happened. Just when my faith blindly rested in Apple’s care, a vulnerability has been discovered and it’s a good one.
A company called Major Security found the issue, which, is an error in Apple’s mobile web browser application Safari. This error is current in iOS 5.1. This error so far is confirmed on iPhone 4, 4S, iPad2, and a third generation iPad running iOS 5.1. According to the article it appears that any device running the latest mobile version of OS is affected by this vulnerability. There is a demo site that you can test the error out, but I won’t be posting any links to demo this error simply because I can’t seem to find the company’s website who found this error. You’ll have to do you own digging to find them.
Apple is apparently aware of the issue as of March 1, 2012, and has posted an advisory regarding the vulnerability as of March 20, 2012. According to the article in reference, a patch is being pushed out the door.
The article is here, and to learn more about URL Spoofing go here.
