Posts Tagged ‘WebKit 534.46’
Thursday, March 22, 2012 @ 02:03 PM gHale
There is a vulnerability in the WebKit in the mobile version of Safari where an attacker could manipulate the browser’s address bar and lead the user to a malicious site with a fake URL showing above it.
Attackers could use the vulnerability for phishing attacks by sending users to pages which appear to be their bank and asking for account data.
The vulnerability affects WebKit 534.46 in the latest iOS version 5.1, though earlier versions of iOS may also exhibit the problem. Users of third party browsers based on WebKit on iOS could also be vulnerable to the address spoofing. Vieira-Kurz informed Apple of the problem in early March.
Only a few third-party browsers, such as Dolphin HD, suffer from the vulnerability. Other iOS browsers such as iCabMobile and Atomic Web are not.