A new vulnerability discovered by a German security firm enables an attacker to take advantage of some odd JavaScript behavior and spoof a URL and present a user with an authentic-looking forged Web site. The vulnerability lies in the way that Apple s Safari browser on iOS devices such as iPhones and iPads handles one specific JavaScript call. A demo put together by David Vieria-Kurz of MajorSecurity shows that the attack works on devices running iOS 5.1, the most recent version of the operating system.
Source: https://threatpost.com/ios-javascript-bug-can-lead-spoofed-sites-032312/76363/