A number of popular mobile web browsers had a critical security flaw that could have enabled malicious threat actors to spoof URLs and redirect users to sites laden with malware. A new report, published by cyber security research firm Rapid7 in partnership with independent security researcher Rafay Baloch, claims that Apple Safari, Opera Touch and Mini, UC Browser and four other lesser-known web browsers on Android and iOS exhibited a critical system vulnerability. As a result of this flaw, you may have initially searched for a legitimate website, but hackers could have compromised you by running malicious JavaScript, or tiny snippets of code, on webpages, in turn leading you to a malicious website while showing the correct web address in your address bar.

Address bar spoofing flaws are not really new or innovative. In fact, spoofing or masking URLs on desktop web browsers has been an old tactic in hackers' textbooks to dupe users into downloading malware or succumbing to ransomware. However, with time, desktop browsers have added multiple safeguards, including certificate authentication and URL inspections built into address bars. This has not been possible with mobile browsers, primarily due to the constraint of screen space. Utilising this, hackers are seemingly running malicious scripts on webpages, which would force a website to reload.

It is during this reload loop that the hackers are routing your webpage to a malicious site. To disguise this step, the hackers have so far been using the address bar vulnerabilities to spoof or mask the URL displayed. As a result, your phone will likely show you a legitimate website address, a deception that the average, non-savvy user may not recognise so easily. The vulnerability is being ranked as critical since this could have led to you downloading malware of varying severities, in turn compromising the security of all data stored on your phone.

According to Rapid7, Apple has already patched the security flaw on Safari, which was last seen in iOS 13.6. Opera, a mostly respected name in the field of web browsers, has also promised security patches for the flaw to all its users of the Opera Touch and Opera Mini web browsers on November 11. However, Rapid7 notes that the makers of all the other browsers, including UC Browser, Yandex, Bolt and RITS, have not even responded to multiple attempts made by the researchers to contact them and report the flaw. With UC and Yandex having a considerable volume of users, this is an alarming issue that must be addressed with urgency.

Until the issues are resolved, users are advised to stick to reliable web browsers such as Google Chrome and Mozilla Firefox, and keep an eye out for security bulletins that regularly report such flaws.

Source: https://www.news18.com/news/tech/apple-safari-opera-uc-browser-and-others-had-critical-address-bar-spoofing-flaws-2989976.html
