Apple just released a new version of its mobile software: iOS 5.1.1. The update includes a number of bug fixes, and also apparently contains a patch for the dangerous URL spoofing vulnerability in mobile Safari.
We told you about the exploit, discovered by the folks at Major Security, back in March of this year. It allows web pages to spoof URLs in Safari’s address bar, leading users to believe they’re on a different website…
Apple explains the fix on its iOS 5.1.1 security support page:
Apple properly credits the discovery of the vulnerability to David Viera-Kurz of Major Security. Viera-Kurz was the first to bring up the issue, publishing an extensive blog post and even creating a working demo of the bug in action.