Few hours ago Apple launched a fresh updated iOS version — iOS 5.1.1. Latest iOS update contains a number of bug fixes, also includes a patch for the dangerous URL spoofing in Safari.

Earlier defined by MajorSecurity.net, a malicious web site could take advantage of javascript in Safari to provide a fake websites.

The illustration was provided of going to a fake site that shown “Apple.com” in your address bar. This specific malicious method which can be used to collect important informations — banking and login details from iOS devices running iOS 5.1 firmware or above.

Safari malicious exploit

Apple has fixed the vulnerability in the freshly-launched iOS 5.1.1 firmware:

Safari
Available for: iPhone 3GS, iPhone 4, iPhone 4S, iPod touch (3rd generation) and later, iPad, iPad 2 

Impact: A maliciously crafted website may be able to spoof the address in the location bar 

Description: A URL spoofing issue existed in Safari. This could be used in a malicious web site to direct the user to a spoofed site that visually appeared to be a legitimate domain. This issue is addressed through improved URL handling. This issue does not affect OS X systems.

iPhone, iPad and iPod Touch owners can install iOS 5.1.1 right now to get this important security fix together with two WebKit vulnerability patches.