The mobile Safari browser for iOS on iPhones and iPads contains a vulnerability that can be used for phishing and could potentially threaten the whole iOS community. The Dutch Ministry of Security and Justice announced this news today on its official website. The vulnerability can be easily exploited by hackers to display a URL different from that of the webpage users are actually visiting.
According to the Ministry of Security and Justice, the vulnerability is in the WebKit rendering engine, which is used by various browsers. It could be used for phishing, and it is possible that this has already happened: the address bar will, for example, display Apple.com while you are actually visiting a website that looks exactly the same but is only after your credit card details. Many users will probably not even notice the difference between the two. Apple has already been informed, although it hasn’t released an update yet. We therefore recommend that users be careful when filling in forms with their personal information.
While the vulnerability was tested with iOS 5.1, it is likely that devices running older firmware such as iOS 5.0.1 and iOS 4 are vulnerable to these attacks as well. Apple has not yet announced whether it will do something about the problem. Users are advised to use alternative browsers such as iCabMobile or Opera until the vulnerability is patched in a firmware update.