Researcher Warns of iOS Safari Vulnerability

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Security researcher David Vieira-Kurz has uncovered a WebKit vulnerability in the mobile version of Safari that could allow an attacker to redirect a victim to a malicious Web site with a spoofed URL.

"Incorrect handling of the URL when the JavaScript method 'window.open()' is used allows an attacker to 'own' HTML and JavaScript code in the new window and, in turn, change the address bar of the window," The H Security reports.

"Fraudsters could use the vulnerability for phishing attacks by sending users to pages which appear to be their bank and asking for account data," the article states.

Go to "Address spoofing vulnerability in iOS' Safari" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.