A critical vulnerability has been discovered in the Safari web browser from Apple that allows driving Safari users to a malicious site instead of a trusted site.
This vulnerability could be exploited by hackers to launch very credible phishing attacks or divert the accounts of users on a Web site.
The flaw was discovered by security researcher David Leo, who published a proof of concept. Leo has been demonstrated that it was possible to suggest to the user that although surfed the real website DailyMail.co.uk when he was just a "screen" page. He believes and surf the DailyMail.co.uk, but in fact it displays a page that has nothing to do even if it is the British newspaper the URL displayed in the address bar.
Operated by the wrong hands, a hacker could use a bank site instead of Daily Mail site and then inject a phishing page asking the user's bank codes.
The exploit has been successfully tested on a MacBook Pro running OS X update Safari 8.0.6 and 10.10.3 and a 5S iPhone with iOS 8.3.
source
This vulnerability could be exploited by hackers to launch very credible phishing attacks or divert the accounts of users on a Web site.
The flaw was discovered by security researcher David Leo, who published a proof of concept. Leo has been demonstrated that it was possible to suggest to the user that although surfed the real website DailyMail.co.uk when he was just a "screen" page. He believes and surf the DailyMail.co.uk, but in fact it displays a page that has nothing to do even if it is the British newspaper the URL displayed in the address bar.
Operated by the wrong hands, a hacker could use a bank site instead of Daily Mail site and then inject a phishing page asking the user's bank codes.
The exploit has been successfully tested on a MacBook Pro running OS X update Safari 8.0.6 and 10.10.3 and a 5S iPhone with iOS 8.3.
source
I founded the Blog DepoTech in January 2015. Self-taught in development, I have always pushed my curiosity about the topics,Web and Tech news.
ConversionConversion EmoticonEmoticon