Apple appears to be actively fixing the most suspicious security bugs in its software, especially in iOS and Mac OS X components such as the Safari browser, which comes with some extra permissions to control the operating system and save files on the device. We have therefore seen Apple actively fixing Safari security bugs across its platforms. According to a new discovery, however, Mobile Safari is exploitable: a developer can spoof the URL shown in Safari's address bar with any other URL and serve their own hosted page under the mirrored address.
The new security bug was discovered in the recently released iOS 5.1 and its updated Mobile Safari. This most recent version of iOS is already running on millions of devices, and those devices are open to attacks on users' personal information by anyone with basic know-how of JavaScript and advanced HTML5 spoofing. The bug was first discovered by David Vieira-Kurz of MajorSecurity.net. He reported that Mobile Safari on the latest iOS 5.1 misbehaves when a small JavaScript function forces the browser to open a specific HTML page in the next page within an iframe.
The bug makes it possible to spoof the displayed URL, which means any page can be served under the name of http://www.apple.com, even an attacker's own website. A demo of the bug in Mobile Safari 5.1 has already been developed: it serves a hosted mirror of http://www.apple.com from a different web server, yet because of the security bug in iOS, Mobile Safari still shows the assigned URL in the browser's address bar.
This type of security bug could be used to steal a user's information, because the user cannot tell whether the website they are visiting is real or a mirror of the original server set up to copy their data through the browser.