JavaScript Vulnerability in Apple iOS Safari

MajorSecurity has published a security advisory for a moderate vulnerability that affects the Mobile Safari web browser on Apple iOS. The bug was tested on several devices, including iPhone4, iPhone4S, iPad2 and iPad3, running iOS 5.1.

An attacker can use this vulnerability to display a malicious website for a phishing attack, because Safari fails to handle certain JavaScript calls. The company has provided an online PoC demonstration at the following link: http://majorsecurity.net/html5/ios51-demo.html.

If you are using one of the devices listed above, you can safely test your system by visiting the link and clicking the Demo button. If your system is vulnerable, your browser will open a new window that shows the http://www.apple.com URL in the address bar while you are still browsing the http://www.majorsecurity.net website.

This kind of attack can be performed using SET (the Social-Engineer Toolkit), which offers a list of websites that can be hosted for phishing purposes, such as Gmail, Yahoo, Facebook and Twitter. The victim will believe he is at the legitimate website, while the site loaded in the new window contains the phishing script.

To protect yourself against this vulnerability, be sure to use the latest iOS version with all security patches.
