1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

URL-spoofing bug in Safari could enable phishing attacks

Discussion in 'CSO' started by RSS, May 19, 2015.

  1. RSS

    RSS New Member Member

    The latest versions of Safari for Mac OS X and iOS are vulnerable to a URL-spoofing exploit that could allow hackers to launch credible phishing attacks.

    The issue was discovered by security researcher David Leo, who published a proof-of-concept exploit for it. Leo's demonstration consists of a Web page hosted on his domain that, when opened in Safari, causes the browser to display dailymail.co.uk in the address bar.

    The ability to control the URL shown by the browser can, for example, be used to easily convince users that they are on a bank's website when they are actually on a phishing page designed to steal their financial information.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page