Apple's Safari Falls For New Address Bar Spoofing Trick

An unpatched vulnerability in the Safari web browser allows an attacker to control the content displayed in the address bar, a security researcher discovered. The method enables well-crafted phishing attacks that are difficult for the average consumer to spot.

The bug is a race condition, caused by the browser permitting JavaScript to update the address bar before a web page has finished loading.

Apple is taking its time to release a fix

Security researcher Rafay Baloch was able to reproduce the vulnerability only in the Safari and Edge web browsers.

He informed the makers of the two browsers about the risk, but only Microsoft responded with a patch on August 14, as part of its regular release

(...)

Read full article » https://www.bleepingcomputer.com/news/security/apples-safari-falls-for-new-address-bar-spoofing-trick/

