
Safari vulnerability in iOS 5.1 allows URL spoofing - cleverjake
http://www.appleinsider.com/articles/12/03/22/safari_vulnerability_in_ios_51_allows_url_spoofing.html
======
charliesome
Since you're opening a new window from another domain and writing arbitrary
HTML into it, I wonder if this vulnerability could be used to bypass cross-
domain restrictions...

~~~
rgaucher
Nope, it's just a spoofing issue, that doesn't affect (as far as I tested) the
actual implementation of Same Origin Policy by Safari. I.e., you cannot get
access to my-cool-site.com DOM, if you're leveraging this bug.

~~~
e28eta
But, my-hacker-site.com could, instead of including an iframe to my-banking-
site.com, simply do a server-side proxy of your bank and execute a pretty
effective phishing attack.

The advice I've seen re:phishing is usually to check the URL. That doesn't
help here.

~~~
azov
_Check the URL_ is not solid advice; there are many ways to trick you (e.g.
google.com vs goog1e.com). _Enter the URL yourself_ is a better one.

