Safari Bug Puts iOS 5 Users At Risk

If you're an iOS 5 user, you could be at risk of attack from cybercriminals, due to a bug in Safari. Apple's web browser currently features a security flaw that may lead users into visiting potentially damaging websites.

The vunerability was discovered earlier this month by MajorSecurity, a German security firm. The flaw could trap users at the wrong sites by allowing cybercriminals to 'spoof' the URL viewed in the browser.

The firm first discovered the flaw in iOS 5.0, and then again in iOS 5.1. The hole has also been confirmed on the iPhone 4, iPhone 4S, iPad 2, and the new iPad, all running iOS 5.1.

"The weakness is caused due to an error within the handling of URLs when using javascript's window.open() method," explained David Vieira-Kurz from the German firm, MajorSecurity. "This can be exploited to potentially trick users into supplying sensitive information to a malicious Web site, because information displayed in the address bar can be constructed in a certain way, which may lead users to believe that they're visiting another web site than the displayed web site."

To view MajorSecurity's demo of the bug visit here on your mobile device.