The release of iOS 5.1.1 has patched an address bar spoofing vulnerability found iOS 5.1. The vulnerability was first reported by David Vieira-Kurz of MajorSecurity.
Impact: A maliciously crafted website may be able to spoof the address in the location bar
Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
The new firmware also patches two webkit vulnerabilities using which a maliciously crafted website may execute a cross-site scripting attack or cause unexpected application termination or arbitrary code execution.
Read More [via CultofMac]
Impact: A maliciously crafted website may be able to spoof the address in the location bar
Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.
The new firmware also patches two webkit vulnerabilities using which a maliciously crafted website may execute a cross-site scripting attack or cause unexpected application termination or arbitrary code execution.
Read More [via CultofMac]