September 29, 2016

Safari on iPhone Is Vulnerable to Web Attacks That Hide the Address Bar

Safari on the iPhone is vulnerable to web attacks that allow malicious websites to masquerade as trusted pages maintained by banks or other entities.

The vulnerability was discovered by security researcher Nitesh Dhanjani. According to Dhanjani’s blog post, which demonstrates the problem, the weakness stems from the ability of web developers to display pages on iPhones that push the address bar out of view.

Dhanjani published a proof-of-concept demo on his website, a fake Bank of America login page for mobile devices, to stress the severity of this security issue in Apple’s iOS.

Related Articles:

Security Updates for Safari

Apple has released versions 5.0.3 and 4.1.3 of its Internet browser Safari. The updates address several security vulnerabilities in the WebKit-based browser. The Safari updates fix more than 25 security holes in the browser’s open source WebKit rendering engine, most of them rated as critical.

Safari 5.0.3 & Safari 5.0.3 Windows update highlights:

  • More accurate Top Hit results in the Address Field
  • More accurate results in Top Sites
  • Fixes an issue that could cause content delivered with the Flash 10.1 plug-in to overlap web page content
  • More reliable pop-up blocking
  • Fixes an issue that affected playback of some videos shot or edited to include rotations and flips
  • Improved stability when typing into search and text input fields on www.netflix.com and www.facebook.com
  • Improved stability when using JavaScript-intensive extensions
  • Improved stability when using VoiceOver with Safari

For detailed information on the security content of this update, please visit this site: http://support.apple.com/kb/HT1222

Safari 5.0.3 is available to download for Mac OS X 10.5.8 Leopard, 10.6.2 Snow Leopard and Windows XP SP2 or later. Alternatively, Safari 4.1.3 is provided for users running Mac OS X 10.4.11 Tiger. Mac OS X users can upgrade to the latest release via the built-in Software Update function. All users are advised to upgrade to the latest release as soon as possible.