{"id":11288,"date":"2015-05-21T10:09:34","date_gmt":"2015-05-21T14:09:34","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=11288"},"modified":"2021-07-06T16:57:28","modified_gmt":"2021-07-06T20:57:28","slug":"safari-url-spoofing-bug","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/05\/21\/safari-url-spoofing-bug\/","title":{"rendered":"Safari URL-spoofing Bug"},"content":{"rendered":"

Lucian Constantin<\/a>:<\/p>\n

\n

The issue was discovered by security researcher David Leo, who published a proof-of-concept exploit<\/a> for it. Leo’s demonstration consists of a Web page hosted on his domain that, when opened in Safari, causes the browser to display dailymail.co.uk in the address bar.<\/p>\n

The ability to control the URL shown by the browser can, for example, be used to easily convince users that they are on a bank’s website when they are actually on a phishing page designed to steal their financial information.<\/p>\n

[…]<\/p>\n

That’s because the attack code is designed to redirect the browser to the spoofed URL, but before the content is loaded, the code reloads the current page.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"

Lucian Constantin: The issue was discovered by security researcher David Leo, who published a proof-of-concept exploit for it. Leo’s demonstration consists of a Web page hosted on his domain that, when opened in Safari, causes the browser to display dailymail.co.uk in the address bar. The ability to control the URL shown by the browser can, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2021-07-06T20:57:31Z","apple_news_api_id":"f8c7aa71-2c47-403e-bd8c-4462d22033f5","apple_news_api_modified_at":"2021-07-06T20:57:31Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/A-MeqcSxHQD69jERi0iAz9Q","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,2095,31,904,30,32,903,1200,103,48],"class_list":["post-11288","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-exploit","tag-ios","tag-ios-8","tag-mac","tag-macapp","tag-mac-os-x-10-10-yosemite","tag-phishing","tag-safari","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11288","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=11288"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11288\/revisions"}],"predecessor-version":[{"id":11289,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/11288\/revisions\/11289"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=11288"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=11288"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=11288"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}