Safari Vulnerable to Address Bar Spoofing on iOS

Bot

Microsoft has patched an address bar spoofing bug in its Edge web browser, while Apple still has to follow suit patching its iOS web browser after receiving a report on the issue on June 2.

Researcher Rafay Baloch disclosed the address spoofing bug on his website on September 10, after first sending a 90-day deadline reminder on August 11.

Microsoft promptly responded with a bug fix on August 14, but Apple failed to patch the vulnerability available in the Safari web browser pre-installed on iOS 11.3.1. This might be due to the fact the Cupertino company will include the fix within the next iOS release, as it usually does.

Baloch detailed the steps necessary to reproduce the bug in his writeup, first linking a proof-of-concept HTML file which points the vulnerable browser to gmail.com:8080, although the content is hosted on a completely unrelated domain.

The proof of concept works because the vulnerable browser will allow a maliciously crafted JavaScript-based script to update the contents of the address bar before and while the web page is still loading.

Read more: Safari Vulnerable to Address Bar Spoofing on iOS
 