Facebook iOS address bar spoofing


There is an inconsistency in the way the Facebook iOS Inbox, which uses a WebView component, renders some web page redirections. It allows an attacker to perform address bar spoofing, resulting in an HTTPS URL being displayed with the content of some other web site. To demonstrate this, I created JavaScript that automatically clicks a link to perform a redirection to an invalid port, which delays the response so that the browser keeps displaying the content from the attacker's site while the address bar is not updated back to the initiator page from the non-responsive URL.

Affected version:

App version: Facebook for iOS 291.0

Continue reading “Facebook iOS address bar spoofing”

FB & Messenger for iOS : Address Bar spoofing using data uri


Summary: Facebook & Messenger for iOS were vulnerable to address bar spoofing, which could be reproduced by navigating from the target domain to the attacker's domain.

The attacker's domain was able to set the location to `data:text/html,<script>…</script>` using the Location header, so the script was executed in that context while the target domain remained in the URL bar.

Continue reading “FB & Messenger for iOS : Address Bar spoofing using data uri”