
ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs

September 19, 2018 by Nishit Darade 1 Comment

Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs

– Swati Khandelwal

 

Phishing attacks today are sophisticated and increasingly difficult to spot, and this newly discovered vulnerability takes them to another level: it can bypass basic indicators like the URL and SSL, which are the first things a user checks to determine if a website is fake.

The vulnerability (CVE-2018-8383) is a race condition: the web browser allows JavaScript to update the page address in the URL bar while the page is still loading. An attacker could start loading a legitimate page, which causes that page's address to be displayed in the URL bar, and then quickly replace the code in the web page with malicious code.

The link below has a PoC video for the vulnerability. Please take a look.

Link: https://thehackernews.com/2018/09/browser-address-spoofing-vulnerability.html
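
A simplified model of the race described above, added here as an illustration; it is not Safari's code or code from the linked article, and the class, policy names and `.example` URLs are assumptions. It checks the invariant a user relies on (the address bar names the origin that rendered the visible page) and shows that displaying a pending URL before the load finishes breaks it, while displaying only the committed URL does not.

```javascript
// Toy model (constructed for illustration): a tab tracks the document that is
// actually rendered ("committed") and a navigation that is still loading ("pending").
class ToyTab {
  constructor(policy, startUrl) {
    this.policy = policy;          // "show-pending" (flawed) or "show-committed"
    this.committedUrl = startUrl;  // URL of the document whose content is on screen
    this.pendingUrl = null;        // navigation started but not yet loaded
  }
  startNavigation(url) { this.pendingUrl = url; }
  finishNavigation() {
    if (this.pendingUrl !== null) {
      this.committedUrl = this.pendingUrl;
      this.pendingUrl = null;
    }
  }
  // What the address bar shows to the user under each policy.
  addressBar() {
    if (this.policy === "show-pending" && this.pendingUrl !== null) return this.pendingUrl;
    return this.committedUrl;
  }
  // Invariant: the bar's origin equals the origin of the rendered document.
  barMatchesContent() {
    return new URL(this.addressBar()).origin === new URL(this.committedUrl).origin;
  }
}

// Replay an event sequence and record every step where the address bar
// names an origin other than the one that rendered the visible page.
function findMismatches(policy, events) {
  const tab = new ToyTab(policy, "https://page-a.example/");
  const mismatches = [];
  events.forEach((ev, i) => {
    if (ev.type === "start") tab.startNavigation(ev.url);
    if (ev.type === "finish") tab.finishNavigation();
    // "script" events: the still-rendered document keeps running; state is unchanged.
    if (!tab.barMatchesContent()) mismatches.push({ step: i, type: ev.type, bar: tab.addressBar() });
  });
  return mismatches;
}

// Constructed timeline: a slow navigation to another origin, during which the
// old document's script still runs, followed by the load completing.
const EVENTS = [
  { type: "start", url: "https://page-b.example/login" },
  { type: "script" },
  { type: "finish" },
];
```
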

Filed Under: Week 03: Reconnaissance


Comments

  1. Connor Fairman says

    September 19, 2018 at 1:02 pm

    Ah, race conditions. The greatest frustration of anyone doing something asynchronous. It’s funny how sometimes you wonder if you’ll ever need to know this type of content after a systems class. “Why would I ever care about race conditions? I’m never going to build an OS.” Well, here it is. It is very true that there is a kind of uncertainty about what the resulting computation will be in a race condition. I’m surprised that the makers of Safari didn’t detect this. Even in Ubuntu, when you compile your programs, you can get little warnings in the terminal about race conditions. Thanks for the heads up.
