The article discusses a new threat research finding that describes an advanced Browser-in-the-Middle (BitM) attack specifically targeting Safari users. These attacks deceive victims by presenting legitimate-looking login pages inside an attacker-controlled window. The key weakness is in Safari's Fullscreen API, which lets the BitM window open in fullscreen mode and thereby hides the malicious URL from the user. Although the issue was disclosed to Safari, there are no plans to address it, which leaves users highly exposed to such attacks.
The research reveals a serious weakness in Safari's Fullscreen API that allows attackers to execute highly convincing BitM attacks by displaying misleading, legitimate-looking login interfaces.
As part of the Year of Browser Bugs project, significant flaws in various browsers are being documented, with particular attention to browser-in-the-middle techniques and the user-facing weaknesses they exploit.
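Because fullscreen mode removes the address bar, the one visual cue users have for the page's real origin disappears. The following is an added example, not code from the article or the research it summarizes, showing a user-side mitigation: a content script (for example in a browser extension) that listens for fullscreen transitions and surfaces the owning origin in an in-page banner, so the user is prompted to press Esc and re-check the address bar before entering credentials. The function names, the `expectedOrigins` list and the sample origins are assumptions made for this example; the DOM wiring is guarded so the pure logic also runs under Node.

```javascript
// Added example (not from the original article): make fullscreen transitions
// visible to the user. Safari exposes both the standard and the webkit-prefixed
// fullscreen API, so both event names are wired up.

// Build a notice for a fullscreen transition. Returns null when the document
// has left fullscreen (the banner should then be removed).
// - origin: the origin of the document that entered fullscreen (window.location.origin)
// - fullscreenElement: document.fullscreenElement / webkitFullscreenElement
// - expectedOrigins: origins the user (or extension policy) expects to go fullscreen (assumed list)
function buildFullscreenNotice(origin, fullscreenElement, expectedOrigins) {
  if (!fullscreenElement) {
    return null;
  }
  const trusted = expectedOrigins.includes(origin);
  const tag = fullscreenElement.tagName
    ? String(fullscreenElement.tagName).toLowerCase()
    : 'unknown';
  const message = trusted
    ? `Fullscreen entered by ${origin} (<${tag}>). Press Esc to exit and verify the address bar before entering credentials.`
    : `Fullscreen entered by ${origin} (<${tag}>), which is not an origin you expected. Press Esc and check the address bar before typing anything.`;
  return { origin, trusted, elementTag: tag, message };
}

// Render (or remove) the banner. Pure DOM code; only called in a browser.
function renderNotice(doc, notice) {
  const id = 'fullscreen-origin-notice'; // assumed element id
  let banner = doc.getElementById(id);
  if (!notice) {
    if (banner) banner.remove();
    return;
  }
  if (!banner) {
    banner = doc.createElement('div');
    banner.id = id;
    // Fixed, high z-index so the banner stays visible above the fullscreen content.
    banner.style.cssText =
      'position:fixed;top:0;left:0;right:0;z-index:2147483647;padding:8px;' +
      'font:14px sans-serif;background:#b00020;color:#fff;text-align:center;';
    // Append to the fullscreen element's owner document so it is rendered inside fullscreen.
    doc.documentElement.appendChild(banner);
  }
  banner.textContent = notice.message;
  banner.style.background = notice.trusted ? '#1b5e20' : '#b00020';
}

// Browser wiring: guarded so the module also loads under Node for testing.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  const expectedOrigins = []; // assumed: populate from extension settings
  const onChange = () => {
    const el = document.fullscreenElement || document.webkitFullscreenElement || null;
    renderNotice(document, buildFullscreenNotice(window.location.origin, el, expectedOrigins));
  };
  document.addEventListener('fullscreenchange', onChange);
  document.addEventListener('webkitfullscreenchange', onChange); // Safari-prefixed event
}
```

The banner is injected into the document that entered fullscreen, which is exactly the document the attacker controls in a BitM scenario; that is why this belongs in an extension content script rather than on the legitimate site, which never gets a chance to run code in the attacker's window.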