iPhone users ‘vulnerable to fraud’

Apple iPhone users are much more vulnerable to Web attacks from malicious websites – including those which pose as pages from banks and shops – according to a security expert.
The warning is likely to send shockwaves through the 125m iOS users around the world, as many are increasingly using their devices to run their lives.
The issue stems from the ability of Web developers to display pages on iPhones that push the address bar out of view, according to blogger Nitesh Dhanjani, who said: “The cause of this vulnerability is a design decision by Apple: the Safari browser on the iPhone allows websites to scroll the real address bar out of view. This can allow a malicious website to display a fake address bar, thus tricking the user into thinking they are browsing a legitimate site when they are not.”
Dhanjani said he has alerted members of Apple’s security team to the threat, although “they do not know when and how they will address the issue,” he claimed.
Part of the problem, he said, is that smartphones do not have big enough screens. As a result, the iPhone’s address bar can be pushed out of the way by pop-ups and other graphics.
“Designers and developers of these apps need to do a better job of making sure they are displaying the actual URL of the site they are rendering in their application (for example, the Twitter app on the iPad renders its own browser when you click on a link instead of sending the user to Safari).”