X
Tech
Home Tech Security

iPhone Safari feature is a risk, says researcher

A researcher has warned that a feature on Safari for iPhone could be used to hide malicious URLs.Safari on the iPhone hides a URL once a web page has loaded.
Written by Tom Espiner, Contributor

A researcher has warned that a feature on Safari for iPhone could be used to hide malicious URLs.

Safari on the iPhone hides a URL once a web page has loaded. This means that a spoof web page which contains a spoof URL within the body of the page could be used to lull users into a false sense of security, researcher Nitesh Dhanjani said in a blog post on Monday.

"Notice that the address bar stays visible while the page renders, but immediately disappears as soon as it is rendered," said Dhanjani. "Perhaps this may give the user some time to notice but it is not a reasonably reliable control (and I don’t think Apple intended it to be)."

Dhanjani demonstrated a proof-of-concept phishing page with the actual URL http://www.dhanjani.com/iphone-safari-ui-spoofing/. The page spoofed the Bank of America landing page, but the URL was hidden when the page rendered. To view the actual URL, users had to scroll up.

The researcher has contacted Apple about the Safari feature.

Editorial standards
Show Comments

Related

Linux Mint 10

I've tried a zillion desktop distros - it doesn't get any better than Linux Mint 22

Samsung Galaxy Z Flip 6 inner display next to Android figurine.

One of the best foldable phones I've tested is not from OnePlus or Motorola

TCL Tab 10 Nxtpaper 5G

One of the best budget Android tablets I've tested is not made by Samsung or Google