URL-spoofing bug in Safari could enable phishing attacks

The latest versions of Safari for Mac OS X and iOS are vulnerable to a URL-spoofing exploit that could allow hackers to launch credible phishing attacks.

The issue was discovered by security researcher David Leo, who published a proof-of-concept exploit for it. Leo’s demonstration consists of a Web page hosted on his domain that, when opened in Safari, causes the browser to display dailymail.co.uk in the address bar.

The ability to control the URL shown by the browser can, for example, be used to easily convince users that they are on a bank’s website when they are actually on a phishing page designed to steal their financial information.

To read this article in full or to leave a comment, please click here

Network World Security