New Address Bar Spoofing Trick preys upon Apple’s Safari

Even an expert’s eye can be befooled despite the presence of certain elements that are likely to deceive suspicious activity. For example, the webpage loading wheel and the bar both are visible, signifying the unfinished process.
However, a lot of websites witness this as the background components have a lower priority score while the page is being loaded. Users tap into ‘log in’ field without reading anything into that.

The users of Safari cannot access the typing field while the status of the page is still ‘loading’ and this is where the whole problem is based. Similar to what banking Trojans did for years, Baloch said that he along with his team made past this hurdle by injecting a fake keyboard on the screen.

According to the reports, a fix would be released by Apple in their next set of security updates.

Leave a Reply