The vulnerability has been tested present on an iPhone4, iPhone4S, iPad2 and iPad3 running iOS 5.1. Apple was notified on March 3rd of the vulnerability and should release an update to iOS that will resolve the issue shortly.
Steps to Reproduce:
1) Visit http://majorsecurity.net/html5/ios51-demo.html with Safari on iOS 5.1
2) Click the "demo" button
3) Safari will open a new window with "http://www.apple.com" in the address bar, but in fact "http://www.apple.com" is being displayed inside an iframe within the host http://www.majorsecurity.net
4) Safari's address bar is showing "http://www.apple.com" which makes the user believe he/she is currently visiting Apple.com while he's still on the attacker's website.
Subscribe for Latest News