25 C
Jaipur
Sunday, November 29, 2020

Safari Among Seven Mobile Browsers Affected by Address Bar Spoofing Vulnerabilities

Must read

This Computer Chip Simulates the Future Faster Than Physics

As we are moving towards the future, computer companies are making their chipsets more and more powerful. For instance, Apple’s latest M1 chip has...

20 hot Amazon Black Friday deals you can still get ahead of Cyber Monday 2020

With Cyber Monday approaching in the UK, Amazon's best Black Friday deals are mostly still in stock going into Sunday. While we've seen sellouts...

This VR App Can Take You Places Using Google’s Street View

This year, as we all know, has been one of the most disastrous years in the history of our world. Apart from the ongoing...

This iOS Simulator Game Lets You Fly the SpaceX Starship

If you’ve ever wished to fly one of SpaceX rockets while watching a NASA live stream, then I feel you. However, recently I came...

Researchers at cyber-security firm, Rapid7, have claimed that several popular mobile browsers are vulnerable to ten new ‘Address Bar Spoofing’ vulnerabilities, thereby jeopardizing the privacy and digital security of their users. According to the report, the affected browsers include Safari, Opera Touch, Opera Mini, Bilt, RITS, UC Browser and Yandex Browser.

The issues were discovered earlier this year by Rapid7 researchers in association with Pakistani cyber-security analyst, Rafay Baloch, and were reported to the respective developers in August. While Apple has since released a fix for Safari, Opera says it will roll out a patch on November 11. The rest of the developers are said to have either ignored the warnings or failed to follow-up after an initial response.

While address bar spoofing has existed since the early days of the world wide web, most desktop browsers have added several layers pf protection over the years to prevent websites from hiding their true identity from visitors. However, thanks to the space constraint on mobile devices, some of the security checks for spoofing cannot be easily accommodated on mobile devices, making them many times more vulnerable to such attacks.

Explaining how address bar spoofing work, the researchers said that “Exploitation all comes down to, ‘Javascript shenanigans’”. According to Rapid7’s Research Director, Tod Beardsley, “By messing with the timing between page loads and when the browser gets a chance to refresh the address bar, an attacker can cause either a pop-up to appear to come from an arbitrary website or can render content in the browser window that falsely appears to come from an arbitrary website”.

You can learn more technical details about the findings on Baloch’s website or the Rapid7 blog.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

This Computer Chip Simulates the Future Faster Than Physics

As we are moving towards the future, computer companies are making their chipsets more and more powerful. For instance, Apple’s latest M1 chip has...

20 hot Amazon Black Friday deals you can still get ahead of Cyber Monday 2020

With Cyber Monday approaching in the UK, Amazon's best Black Friday deals are mostly still in stock going into Sunday. While we've seen sellouts...

This VR App Can Take You Places Using Google’s Street View

This year, as we all know, has been one of the most disastrous years in the history of our world. Apart from the ongoing...

This iOS Simulator Game Lets You Fly the SpaceX Starship

If you’ve ever wished to fly one of SpaceX rockets while watching a NASA live stream, then I feel you. However, recently I came...

iOS 15: what we want to see

iOS 15 is a long way off yet but we’re already hearing the first early leaks and rumors about it, all of which you’ll...