Apple Safari Browser Vulnerable to URL Spoofing Vulnerability

2015.05.19
Credit: Deusen
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

A serious security vulnerability has been uncovered in Apple’s Safari web browser that could trick Safari users into visiting a malicious website with the genuine web address. A group of researchers, known as Deusen, has demonstrated how the address spoofing vulnerability could be exploited by hackers to fool victim into thinking they are visiting a trusted website when actually the Safari browser is connected to an entirely different address. This flaw could let an attacker lead Safari users to a malicious site instead of a trusted website they willing to connect to install malicious software and steal their login credentials. - See more at: http://thehackernews.com/2015/05/safari-url-spoofing.html#sthash.wXwd1Q9W.dpuf --- POC --------------------------------------- <script> function f() { location="dailymail.co.uk/home/index.htm…"+Math.random(); } setInterval("f()",10); </script> - See more at: http://thehackernews.com/2015/05/safari-url-spoofing.html#sthash.HmJRX1gF.dpuf --- POC ---------------------------------------

References:

http://thehackernews.com/2015/05/safari-url-spoofing.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top