The PlayStation Vita's own internet browser has a critical security vulnerability in the current firmware 2.05 and presumably also in older versions, which was discovered by majorsecurity.com.
A detailed vulnerability description states:
The current version of the web browser installed on the Sony PS Vita system, which is used under firmware 2.05, makes it possible to control and manipulate the displayed content of the address bar as desired.
The address bar of the same website is arbitrarily changed in a new window. The user can no longer tell whether they have opened the original or a fake page. Criminals can use this method to carry out phishing attacks, for example. The victim believes they are on a legitimate website. In reality, however, the browser displays a website belonging to fraudsters who want to steal the user's login credentials.
The vulnerability stems from incorrect handling of the URL when the Javascript method "window.open()" is used.
Using this method, an attacker can cause the browser to open the requested address in a new window, passing along some values such as a page title, a page URL, or the window size.
In this specific example, the victim thinks they are on the website http://de.playstation.com/psvita/ because this is displayed in the address bar – however, the victim is actually on a website controlled by the attacker.”
Majorsecurity recommends refraining from using the PS Vita Browser until the problem is fixed with a patch.
[asa]B009LL5BU8[/asa]
