A serious security vulnerability has been uncovered in Apple’s Safari web browser that could trick Safari users into visiting a malicious website with the genuine web address.
A group of researchers, known as Deusen, has demonstrated how the address spoofing vulnerability could be exploited by hackers to fool victim into thinking they are visiting a trusted website when actually the Safari browser is connected to an entirely different address.
This flaw could let an attacker lead Safari users to a malicious site instead of a trusted website they willing to connect to install malicious software and steal their login credentials.
- See more at: http://thehackernews.com/2015/05/safari-url-spoofing.html#sthash.wXwd1Q9W.dpuf
--- POC ---------------------------------------
<script> function f() { location="dailymail.co.uk/home/index.htm…"+Math.random(); } setInterval("f()",10); </script> - See more at: http://thehackernews.com/2015/05/safari-url-spoofing.html#sthash.HmJRX1gF.dpuf
--- POC ---------------------------------------