Safari Loads Previous Cache Page on Back Button in iOS 5

      No Comments on Safari Loads Previous Cache Page on Back Button in iOS 5

As noted elsewhere, Safari seems to have a bug in its cache management, that could potentially be a serious security issue.

Here are the steps:-

  1. You visit a site (let’s call that page ‘A1’)
  2. At some point later, perhaps up to as much as a day later, you visit the same page (let’s call that A2)
  3. Now follow a link from that page (let’s call the linked page B1) – so far normal browsing activity
  4. Press the back button. Instead of the expected A2 page, you get A1.

Either Safari is failing to insert A2 in the cache, or it inserts it but does so wrongly so that A1 does not get replaced, leading to the wrong cache data being retrieved. You can ‘fix’ the error by hitting reload, to force Safari to request the page again.

The only page where I know I’ve seen this occur, and its intermittent, is the BBC News homepage. Go there, click a link to an article, hit back, and you see the homepage from an an earlier visit, not the one you just left.

Where this could be a security issue is if A1 contains sensitive information, say banking details or passwords, and a second device user could select the page from the browser history and see the stale information instead of the live data. Whilst I’ve not seen this in practice, the fact that Safari seems to be wrongly managing cache data could expose the user to all sorts of risks. Apple really need to fix this urgently, and not ignore it for the ‘cosmetic’ error is currently appears to be.




Leave a Reply

Your email address will not be published. Required fields are marked *