Add to favourites
News Local and Global in your language
19th of November 2018


Safari and Edge users hit by URL spoofing bug

If you're using either Safari (or earlier in the week, Edge), you might be in for a little paranoia. Security researchers have discovered a flaw in the two browsers which allowed hackers to spoof website addresses.

Microsoft has already patched the vulnerability in its Edge browser, while Apple's Safari remains vulnerable to this moment, it was said.

So, how does the vulnerability work? In layman's terms, a victim could start loading the real page, making the URL appear in the address bar. Then, in the middle of it all, the code in the page could move the victim to a more malicious address, while the URL stays the same.

Say hello to fake login screens and landing pages.

"During my testing, it was observed that upon requesting data from a non-existent port the address was preserved and hence due to a race condition over a resource requested from non-existent port combined with the delay induced by setInterval function managed to trigger address bar spoofing," Rafay Baloch, who discovered the vulnerabilities, told The Register.

"It causes browser to preserve the address bar and to load the content from the spoofed page. The browser will however eventually load the resource, however the delay induced with setInterval function would be enough to trigger the address bar spoofing."

Apple has yet to release a patch for the issue, but has been alerted to the problem.

Image source: Shutterstock/Sergey Nivens

Read More

Leave A Comment

More News

Latest ITProPortal news

TechRadar: Internet news

TechCrunch » Enterprise

Disclaimer and is not the owner of these news or any information published on this site.