iOS 5 contains Safari bug, opens users to malicious sites

MajorSecurity discovers a bug in iOS5 and 5.1 that allows users to be lured to a malicious site.

Published Fri, Mar 23 2012 11:31 AM CDT   |   Updated Tue, Nov 3 2020 12:29 PM CST

This is a cautionary story for all of those iOS 5 users out there, including the new iPad 3 users. Germany security firm MajorSecurity discovered a bug earlier this month that can be used to trick you into visiting potentially malicious Web sites. The bug was first discovered in iOS 5 and was replicated in iOS 5.1. Apple was informed of the bug by MajorSecurity on March 3, but has not yet issued a patch.


"The weakness is caused due to an error within the handling of URLs when using javascript's method," explained David Vieira-Kurz of MajorSecurity. "This can be exploited to potentially trick users into supplying sensitive information to a malicious Web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site."

Apple has acknowledged the bug, so they should be able to produce a patch, and I would encourage you to upgrade when it becomes available. Until then, watch the sites you go to, as it may not be where the URL bar is telling you you are at. If you would like to see for yourself, go here on your mobile device, select Demo in the upper left corner. This will open a new page that says Apple and looks like Apple but is still on MajorSecurity's server.


Trace is a starving college student studying Computer Science. He has a love of the English language and an addiction for new technology and speculation. When he's not writing, studying, or going to class, he can be found on the soccer pitch, both playing and coaching, or on the mountain snowboarding.

Newsletter Subscription

Related Tags

Newsletter Subscription
Buyer Guides
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles