New address bar spoofing attacks target popular mobile browsers, including Yandex Browser, UCWeb, RITS Browser, and Bolt Browser. On Tuesday, Oct. 22, cybersecurity experts provided the details about the new vulnerability that currently affects multiple mobile browsers, such as Opera Touch and Apple Safari.

The address bar spoofing vulnerability allows hackers and other cybercriminals to deliver malware and conduct spear-phishing attacks, as reported by The Hacker News. Rafay Baloch, a Pakistani security researcher, was the first to discover the flaws in 2020.

Together with a cybersecurity firm called Rapid7, Baloch announced the newly discovered vulnerability in August. The confirmation came before the browser makers addressed the issue over the past few weeks.

Because of the announcement, Opera Mini said that a fix is expected on Nov. 11, 2020. Meanwhile, other browsers, such as Bolt Browser, and UCWeb still hasn’t received any patch yet.

The vulnerability came from using a harmful executable JavaScript code, which can be found in an arbitrary website. Once the malicious code is activated, it will force the mobile browser to update the address bar to another address of the attacker’s choice while the page is still loading.

Also Read: Telegram Deepfake Bot Strips Off Photos of Over 100,000 Women-Here’s How Adobe Plans to Fight It!

“The vulnerability occurs due to Safari preserving address bar of the URL when requested over an arbitrary port, the set interval function reloads every 2 milliseconds and hence user is unable to recognize the redirection from the original URL to spoofed URL,” said Rafay Baloch in his technical analysis.

According to Rafay Baloch’s blog post, Zscaler’s report found an increase of 85% in phishing attacks in April. The cyberattacks focus on registering domains featuring COVID-19 keywords such as vaccine, Wuhan, and other terms related to coronavirus, for stealing sensitive credentials from unsuspecting users.

They also disseminate malware, such as ransomware, for conducting financial frauds. Microsoft also highlighted the advanced cyber attacks, categorizing email phishing as the most dominant attack vector.

For more news updates about other security threats, always keep your tabs open here at TechTimes.

By clicking on ‘Submit’ button above, you confirm that you accept Tech Times Terms & Conditions


Address bar, Vulnerability, Safari, Mobile browser, Opera, Web browser, Computer security, Apple

World news – THAT – BEWARE: Popular Mobile Browsers Are Vulnerable to New Address Bar Spoofing Attacks

Building on its expertise in the areas of digital, technologies and processes , CSS Engineering you in your most ambitious transformation projects and helps you bring out new ideas, new offers, new modes of collaboration, new ways of producing and selling.

CSS Engineering is involved in projects each customer as if it were his own. We believe a consulting company should be more than an advisor. We put ourselves in the place of our customers, to align we incentives to their goals, and collaborate to unlock the full potential their business. This establishes deep relationships and enjoyable.

Our services:

  1. Create professional websites
  2. Hosting high performance and unlimited
  3. Sale and video surveillance cameras installation
  4. Sale and Installation of security system and alarm
  5. E-Marketing

All our achievements here


Please enter your comment!
Please enter your name here