Title: URL-spoofing bug in Apple's Safari could enable hard to detect phishing attacks Post by: HCK on May 20, 2015, 09:00:12 am URL-spoofing bug in Apple's Safari could enable hard to detect phishing attacks
<article> <section class="page"> <p>The latest versions of Safari for Mac OS X and iOS are vulnerable to a URL-spoofing exploit that could allow hackers to launch credible phishing attacks.</p><p>The issue was discovered by security researcher David Leo, who published a proof-of-concept exploit (http://www.deusen.co.uk/items/iwhere.9500182225526788/) for it. Leo’s demonstration consists of a Web page hosted on his domain that, when opened in Safari, causes the browser to display dailymail.co.uk in the address bar.</p><p>The ability to control the URL shown by the browser can, for example, be used to easily convince users that they are on a bank’s website when they are actually on a phishing page designed to steal their financial information.</p><p class="jumpTag"><a href="/article/2924212/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html#jump">To read this article in full or to leave a comment, please click here[/url]</p></section></article> Source: URL-spoofing bug in Apple's Safari could enable hard to detect phishing attacks (http://www.macworld.com/article/2924212/urlspoofing-bug-in-safari-could-enable-phishing-attacks.html#tk.rss_all) |