Mobile Browser Bugs Open Safari, Opera Users to Malware

2020-10-20 13:00

A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns.

"Essentially, if your browser tells you that a pop-up notification or a page is 'from' your bank, your healthcare provider or some other critical service you depend on, you really should have some mechanism of validating that source. In mobile browsers, that source begins and ends with the URL as shown in the address bar. The fact of the matter is, we really don't have much else to rely on."

Because of the lack of real estate for security indicators on the mobile screen, browsers usually block developers from altering anything in the address bar.

"The bugs allow attackers to interfere with the timing between page loads and when the browser gets a chance to refresh the address bar," said Baloch, in a technical paper also posted on Tuesday.

The bugs could affect a wide range of users, even for the lesser-used browsers.

News URL

https://threatpost.com/mobile-browser-bugs-safari-opera-malware/160326/

#browser #malware #mobile #opera #safari

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Opera		7	14	212	20	52	298

News URL

Related news

Related vendor