Users of iPhones, iPads, and iPod touch devices running Safari on iOS 5.1 should beware of a security issue that involves address bar spoofing. The issue was discovered by David Vieira-Kurz of, and involves “an error within the handling of URLs when using javascript’s method.”

What does this mean in plain English? It means that the error can be exploited to trick users into supplying personal information to a malicious website, since the Safari address bar can display a totally different address than the website that is actually being displayed. has notified Apple of the issue, so it’s just a matter of time before a patch is available to fix the problem. In the meantime, it’s a good idea to not open untrusted links and to think twice about sending personal information to any website that asks for it through Safari on your iOS device.

For those who would like a working example of the vulnerability in action, has created a web page at Just open that page in Safari on a device running iOS 5.1, click the demo button at the top of the page, and prepare to see something that looks amazingly like the site but is actually hosted by

We’ll let you know when the update to fix this issue is available.

[via The Next Web]

Security Alert: Safari for iOS 5.1 reportedly vulnerable to address bar spoofing originally appeared on TUAW – The Unofficial Apple Weblog on Thu, 22 Mar 2012 16:17:00 EST.
