Safari Browser Spoofing Potential

Tuesday, May 19, 2015 @ 02:05 PM gHale

It is possible to carry out an address spoofing attack in the Safari browser: a user can be led to a malicious website while the address bar displays the URL of a legitimate location.

The latest version of Safari is susceptible to the new spoofing method, and security researcher David Leo published proof-of-concept code to demonstrate the flaw. The exploit works on both iOS and OS X with the newest updates installed.

In a demonstration, Leo showed arbitrary content being loaded in the browser while the address bar displayed the URL of the intended, legitimate page.

The exploit is not perfect, though. By keeping an eye on the address bar, users can catch a glimpse of the web address that is actually loaded. Having said that, few users actually watch the address bar while accessing a web resource, so the brief change could easily pass unnoticed.

In early February, the researcher demonstrated a same-origin policy (SOP) bypass in Internet Explorer 11 running on Windows 7 and 8.1. Microsoft has since patched the vulnerability.

Phishing attacks aimed at stealing login credentials for online services are an obvious use of the exploit, but cybercriminals could also use the glitch to send unsuspecting users to websites serving malware.
