Beware: Thanks to an iOS 5.1 exploit, spoofing URLs is a trivial task for hackers. Granted, spoofing isn’t particularly dangerous in and of itself, but it could be used to part you from your personal information, and no one would want that. Discovered by David Vieira-Kurz of MajorSecurity, the exploit makes use of a sloppy JavaScript method in the iOS 5.1 Safari browser. The exploit has been shown to work on 2nd and 3rd generation iPads as well as the iPhone 4 and iPhone 4s. A fix is sure to come soon, but it’s not out yet, so watch your back if you’re using the vanilla browser.
If you happen to be on an iOS device right now, there’s a little demo you can use to see this thing in action. Just click here and then click the demo button and you can see the spoofing. I suppose this would also serve as a way to see if you’re affected if you happen to be running an older version of iOS, which the spoof may or may not affect.
In the meantime, it might be best to avoid entering your Social Security number on a webpage with a mobile device. Then again, that might be a good thing to avoid in general.
(via MSNBC)
- iOS 5 has some issues with battery life
- Also a secret autocorrect keyboard bar
- The best, most harmless kind of spoofing
