An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 14.0. Visiting a malicious website may lead to address bar spoofing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple safari |
Are you where you think you are, or are you where I want you to think you are? If you want to hijack widely used JavaScript packages, try phishing for devs through these DMARC-shaped holes in key Node.js domains
Rapid7 found Apple’s Safari browser, as well as the Opera Mini and Yandex browsers, were vulnerable to JavaScript-based address bar spoofing. The infosec outfit, along with its “longtime mobile hacker friend Rafay Baloch,” discovered the software could be tricked into displaying the URL of one website while loading and displaying content from another. Such trickery is useful to, among others, thieves and fraudsters who might want to replace a bank’s online login page with one designed to...