Summary: Facebook & Messenger for iOS were vulnerable to address bar spoofing, which could be reproduced by navigating from the target domain to the attacker's domain.
The attacker's domain was able to set the location to data:text/html,<script>…</script> using the Location header, so the script was executed in context while the target domain remained in the URL bar.
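The two invariants an in-app browser needs to rule out this behaviour, as an added example (not the app's code or the author's): a Location header that resolves to a non-http(s) scheme never commits, and the address bar is derived only from the URL that actually committed. The hostnames, the step format and the function names are assumptions made for illustration.

```javascript
// Added example: a model of in-app browser navigation state, not vendor code.
const WEB_SCHEMES = new Set(["http:", "https:"]);

// Parse a URL (optionally relative to a base); null when it is not valid.
function parse(url, base) {
  try { return new URL(url, base); } catch { return null; }
}

// What the address bar may show for a committed document.
function addressBarFor(url) {
  const u = parse(url);
  if (!u) return "(invalid URL)";
  // Opaque schemes such as data: have no web origin, so no hostname is shown.
  return WEB_SCHEMES.has(u.protocol) ? u.host : u.protocol + " (no web origin)";
}

// One navigation. step.redirectChain lists the Location header values the
// servers returned, in order (hypothetical input format).
function navigate(state, step) {
  let finalUrl = step.url;
  for (const location of step.redirectChain || []) {
    const next = parse(location, finalUrl); // relative Location values are legal
    if (!next || !WEB_SCHEMES.has(next.protocol)) {
      // Invariant 1: a redirect to data:, javascript:, etc. never commits,
      // so the page content and the bar both stay as they were.
      return { ...state, blocked: state.blocked.concat(location) };
    }
    finalUrl = next.href;
  }
  // Invariant 2: the bar is computed from the committed URL, never carried over.
  return { ...state, committed: finalUrl, bar: addressBarFor(finalUrl) };
}

function replay(steps) {
  return steps.reduce(navigate, { committed: null, bar: "", blocked: [] });
}

// Constructed sample: the navigation sequence described in the summary.
const SAMPLE = [
  { url: "https://target.example/" },
  { url: "https://attacker.example/go",
    redirectChain: ["data:text/html,<p>constructed</p>"] },
];

console.log(replay(SAMPLE));
```

In the sample the data: redirect is recorded under `blocked`, and the committed document and the bar still agree on target.example, so the displayed host never labels content that another origin supplied.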