A new security vulnerability has been found in Safari on iOS 5.1. Citing security advisories from MajorSecurity as well as the Dutch Ministry of Security and Justice, Your Daily Mac reports that the vulnerability allows for the possibility that the URL of the site a user is looking at does not match what is in the address bar.
According to the report, the JavaScript command ‘window.open()’ is at the heart of the issue—while the opening of a new window is apparent on desktop operating systems and Android devices, it is considerably less so in the latest version of mobile Safari. The report suggests that while the vulnerability has been tested with iOS 5.1, it is possible—likely, even—that it exists in Safari on older versions of the operating system.
[via The Next Web | Mac Rumors]
.
