(adsbygoogle = window.adsbygoogle || []).push({}); The vulnerability was discovered by a man named David Vieira-Kurz of the security firm Majorsecurity and was found in the latest firmware ios 5.1 (and most likely all lower versions of the mobilesafari browser). If you are using an iPhone, iPad or iPod Touch on ios 5.1 then beware of the security flaw.

The vulnerability involves “an error within the handling of URLs when using javascript’s window open() method.” Malicious sites can use this little exploit to display 'custom url's' that can lead you to a website very similar to the one you may be trying to view, and have you input personal information.The URL looks the same but the destination is possibly a malicious site.

Majorsecurity have made a mock up website that is identical to the Apple website as a demo. This demo can be accessed on your mobilesafari browser by clicking this link >>>> You must login or register to view this content.


They have informed Apple about the security risk and Apple will no doubt take a hell of a long time to actually patch it and send out an ios upgrade. If however you are on a jailbroken device, there will probably be a patch on Cydia within the next few days. So for now, beware of any purchases or personal information you give out over MobileSafari

source: You must login or register to view this content.

Hmm, i don't really get it.

It means websites can use an exploit to take you to a page that looks like the one you are trying to go to example would be facebook, but instead of taking you to facebook it will take you to a fake one that looks just like it and take your information when you enter it

Well evrything explained easily someone can have a phishing site for facebook and if you enter from Mobile Safari with will show in the adress bar the real address like this You must login or register to view this content.

Thanks for the explenation guys!