Security News > 2020 > October > Mobile Browser Bugs Open Safari, Opera Users to Malware

Mobile Browser Bugs Open Safari, Opera Users to Malware
2020-10-20 13:00

A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns.

"Essentially, if your browser tells you that a pop-up notification or a page is 'from' your bank, your healthcare provider or some other critical service you depend on, you really should have some mechanism of validating that source. In mobile browsers, that source begins and ends with the URL as shown in the address bar. The fact of the matter is, we really don't have much else to rely on."

Because of the lack of real estate for security indicators on the mobile screen, browsers usually block developers from altering anything in the address bar.

"The bugs allow attackers to interfere with the timing between page loads and when the browser gets a chance to refresh the address bar," said Baloch, in a technical paper also posted on Tuesday.

The bugs could affect a wide range of users, even for the lesser-used browsers.


News URL

https://threatpost.com/mobile-browser-bugs-safari-opera-malware/160326/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Opera 6 1 12 4 1 18