Safari, other mobile browsers affected by address bar spoofing flaws
2020-10-21 13:19

Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing sensitive information through legitimate-looking phishing sites.

"First and foremost, it is easy to persuade the victim into stealing credentials or distributing malware when the address bar points to a trusted website and giving no indicators of forgery, secondly since the vulnerability exploits a specific feature in a browser, it can evade several anti-phishing schemes and solutions."

The address bar spoofing vulnerabilities and affected mobile browsers.

Unlike desktop browsers, mobile browsers are not great at showing security indicators that might point to a site's malicious nature.

Opera Touch, Bolt Browser and Safari for iOS. "Exploitation all comes down to 'Javascript shenanigans'," noted Rapid7's Tod Beardsley, who helped Baloch disclose the flaws to the developers of the affected browsers.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/cPq4zurIQus/