Security News
When browsing webpages, such as news articles in the Safari web browser on an iPhone or iPad, users can choose to select and share a partial text excerpt from the page, rather than the entire page itself. "It's actually a useful feature that's great for pointing out specific passages in blogs, news articles, and more," Juli Clover, the website's editor, had said earlier.
A campaign to sue Facebook over lax privacy policies that allowed Cambridge Analytica to slurp almost a million people's personal data from the social networking website hopes to become a representative action in the High Court, its instigators said today. The campaign said in a statement: "In 2013 and 2014, thousands of people participated in the thisisyourdigitallife app on Facebook. Facebook allowed this app to harvest the data of the app users' friends without their friends' permission or knowledge, including Alvin Carpio, the representative claimant. By taking data without consent, it is alleged that Facebook failed to meet their legal obligations under the Data Protection Act 1998."
Rapid7 found Apple's Safari browser, as well as the Opera Mini and Yandex browsers, were vulnerable to JavaScript-based address bar spoofing. He went on to explain: "By messing with the timing between page loads and when the browser gets a chance to refresh the address bar, an attacker can cause either a pop-up to appear to come from an arbitrary website or can render content in the browser window that falsely appears to come from an arbitrary website."
Security researcher Rafay Baloch has discovered address bar spoofing vulnerabilities in several mobile browsers, which could allow attackers to trick users into sharing sensitive information through legitimate-looking phishing sites. "First and foremost, it is easy to persuade the victim into stealing credentials or distributing malware when the address bar points to a trusted website and giving no indicators of forgery; secondly, since the vulnerability exploits a specific feature in a browser, it can evade several anti-phishing schemes and solutions."
A set of address-bar spoofing vulnerabilities that affect a number of mobile browsers open the door for malware delivery, phishing and disinformation campaigns. "Essentially, if your browser tells you that a pop-up notification or a page is 'from' your bank, your healthcare provider or some other critical service you depend on, you really should have some mechanism of validating that source. In mobile browsers, that source begins and ends with the URL as shown in the address bar. The fact of the matter is, we really don't have much else to rely on."
Learn how to use Apple's Privacy Report in Safari so you can see which websites attempted to track you on your iPhone or iPad. Cross-site trackers operate by tracking you as you surf from one website to another. By default, the mobile version of Safari on your iPhone and iPad tries to prevent cross-site trackers from following you.
Apple has released Safari 14, which features many functional improvements and a Privacy Report that shows all the trackers the browser has neutralized, and which no longer supports Adobe Flash. Safari 14 sports a redesign of the tab bar, which now displays site favicons by default and previews of the contents of some pages, and a customizable start page.
Pl, has published a proof-of-concept exploit for stealing files from iOS and macOS devices via web application code that utilizes the Web Share API. The security flaw, which isn't too scary as it requires some user interaction, has not yet been repaired, though a patch is being worked on. The exploit involves getting someone to open in Safari a web page with a button that triggers the Web Share API in a way that launches native Mail or Gmail apps.
A security researcher disclosed details of an Apple Safari web browser security hole that could leak files with other browsers and applications and open the door to exploitation by attackers. The disclosure came only after Apple said it would delay patching the vulnerability for nearly a year.
A researcher has disclosed the details of an unpatched vulnerability in Apple's Safari web browser that can be exploited to steal files from a targeted user's system. The vulnerability is related to the Web Share API, which allows users to share links from Safari through third-party apps.