Graphic for illustration |
Cybersecurity researchers on Tuesday revealed details of a security vulnerability affecting multiple security browsers including Apple Safari and Opera Touch, which leaves the door open to spear phishing attacks and malware delivery.
Other browsers affected are UCWeb, Yandex Browser, Bolt Browser, and RITS Browser.
The deficiencies were discovered by Pakistani security researcher Rafay Baloch in the summer of 2020 and jointly reported by Baluch and cybersecurity company Rapid7 in August, before being fixed by browser manufacturers in recent weeks.
UCWeb and Bolt Browser are not yet patched, while Opera Mini is expected to receive a fix on November 11, 2020.
The problem arises from the use of malicious JavaScript executable code on any website to force the browser to refresh the address bar while the page is still loading to a different address from the attacker.
Original PoC Demo |
“The vulnerability occurs because Safari persists the address bar of the URL when requested on any port. The function to set the interval reloads bing.com:8080 every 2 milliseconds and therefore the user cannot see the redirect from the original URL to the spoofed URL. “Said Rafay Baloch in technical analysis.
“What makes this vulnerability more effective in Safari by default is not showing the port number in the URL until the focus is placed over the cursor.”
Expressed differently; An attacker could host a malicious website and trick the target into opening the link from a spoofed email or text message. This could allow an unsuspecting recipient to download malware or risk their credentials being stolen.
The investigation also found that the macOS version of Safari is prone to the same bug, which Rapid7 says was fixed in a Big Sur macOS update released last week.
This is not the first time such a vulnerability has been discovered in Safari. Back in 2018, Baloch had reported a similar bug in address bar spoofing, which resulted in the browser retaining the address bar and loading the content from the fake page via a time delay caused by JavaScript.
“As spear phishing attacks become more complex, exploiting browser-based vulnerabilities such as spoofing in the address bar can exacerbate the success of spear phishing attacks and therefore prove very deadly,” said Baloch.
“First and foremost, it is easy to convince the victim to steal credentials or distribute malware if the address bar points to a trusted website and does not contain spoofing indicators. Second, by exploiting a specific function in a browser, the vulnerability can evade multiple anti-functionality phishing schemes and solutions. ”
These were the details of the news Popular mobile browsers are vulnerable to bar spoofing attacks for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at de24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.