New address bar spoofing attacks target popular mobile browsers, including Yandex Browser, UCWeb, RITS Browser, and Bolt Browser. On Tuesday, Oct. 22, cybersecurity experts provided the details about the new vulnerability that currently affects multiple mobile browsers, such as Opera Touch and Apple Safari.

The address bar spoofing vulnerability allows hackers and other cybercriminals to deliver malware and conduct spear-phishing attacks, as reported by The Hacker News. Rafay Baloch, a Pakistani security researcher, was the first to discover the flaws in 2020.

Together with a cybersecurity firm called Rapid7, Baloch announced the newly discovered vulnerability in August. The confirmation came before the browser makers addressed the issue over the past few weeks.

Because of the announcement, Opera Mini said that a fix is expected on Nov. 11, 2020. Meanwhile, other browsers, such as Bolt Browser, and UCWeb still hasn’t received any patch yet.

The vulnerability came from using a harmful executable JavaScript code, which can be found in an arbitrary website. Once the malicious code is activated, it will force the mobile browser to update the address bar to another address of the attacker’s choice while the page is still loading.

Also Read: Telegram Deepfake Bot Strips Off Photos of Over 100,000 Women-Here’s How Adobe Plans to Fight It!

“The vulnerability occurs due to Safari preserving address bar of the URL when requested over an arbitrary port, the set interval function reloads every 2 milliseconds and hence user is unable to recognize the redirection from the original URL to spoofed URL,” said Rafay Baloch in his technical analysis.

According to Rafay Baloch’s blog post, Zscaler’s report found an increase of 85% in phishing attacks in April. The cyberattacks focus on registering domains featuring COVID-19 keywords such as vaccine, Wuhan, and other terms related to coronavirus, for stealing sensitive credentials from unsuspecting users.

They also disseminate malware, such as ransomware, for conducting financial frauds. Microsoft also highlighted the advanced cyber attacks, categorizing email phishing as the most dominant attack vector.

For more news updates about other security threats, always keep your tabs open here at TechTimes.

By clicking on ‘Submit’ button above, you confirm that you accept Tech Times Terms & Conditions


Address bar, Vulnerability, Safari, Mobile browser, Opera, Web browser, Computer security, Apple

World news – CA – BEWARE: Popular Mobile Browsers Are Vulnerable to New Address Bar Spoofing Attacks

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici


Please enter your comment!
Please enter your name here