Safari and Edge Browser Prone to Address Bar Spoofing Vulnerability
- A security researcher has identified serious vulnerabilities in Safari and Edge that could allow hackers to hijack your internet activity.
- The vulnerability has already been informed to Apple and Microsoft over 90 days ago.
- Microsoft has already issued a fix while Apple has not.
Security flaws in web browsers can have a major impact on an internet user’s privacy. Earlier this year, security researcher Rafay Baloch discovered flaws in Apple Safari and Microsoft Edge that could expose users to cyber attacks.
The security flaw discovered by Baloch revolves around the fact that it takes a few seconds to display web content. Whenever a safe URL loads, cybercriminals could exploit Safari or Edge to redirect users to unsafe websites. Many attackers create copies of genuine websites and bait users into putting in their login data, thereby gaining access to login credentials.
Baloch notified both Apple and Microsoft about the security flaw and waited 90 days before publishing the details about the exploit. Microsoft has already patched the Edge browser, but Apple is yet to patch Safari. Other browsers are not affected by the security flaw. He wrote on his website "Upon requesting data from a non-existent port, the address was preserved and hence a due to race condition over a resource requested from non-existent port combined with the delay induced by setInterval function managed to trigger address bar spoofing."
Internet users to be cautious about malicious websites. While it can be quite challenging to identify malicious sites with tricky security flaws, using security tools that scan for malware and phishing links can be a very successful deterrent and preventing data theft. Users should also keep their software updated at all times. Developers constantly release patches for exploits and not updating your OS, or your apps to the latest version can often leave you vulnerable to cybercriminals online.
What do you think about the security flaw in these browsers? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.