According to ReadWriteWeb, a security researcher has discovered a way that malicious web developers could trick iOS users into trusting phishing websites. The weakness stems from the way Apple lets web developers auto-scroll a page on load, which hides Safari's address bar.
Security researcher Nitesh Dhanjani built a demo page showing how such a maliciously crafted website could work. Visiting his page on an iPhone or iPod touch makes it appear as though you're on the Bank of America website, right down to a fake address bar showing the correct URL and a lock icon, as if you were on a secure site. In reality you're on the demo page, and scrolling up a bit reveals the actual Safari address bar above the fake one.
"In the case of iOS, since most applications are full-screen, it is in the interest of the application designers to keep the users immersed within their application instead of yanking the user out into Safari to render web content," Dhanjani explained. "Given this situation, it becomes vital for iOS to provide consistency so the user can be ultimately assured what domain the web content is being rendered from."
Dhanjani has explained this issue to Apple. He said, "They let me know they are aware of the implications but do not know when and how they will address the issue."
Unfortunately, there's no way to turn off this functionality. The best advice is to stay vigilant when visiting websites referenced in emails and elsewhere online, and to scroll to the top of a page to check the real address bar before entering credentials.
Check out the video below to see how this exploit could trick users.