Hackers used a bug to insert malicious content into Edge's and Safari's address bar
A severe vulnerability in the Windows Microsoft Edge and Apple Safari browser was discovered recently. The bug permitted hackers to spoof various website URLs. However, Microsoft has already solved and fixed this problem while Apple is still working on the process. Due to this, Apple users risk being victims of cyber attacks.
The spoofing process details
Spoofing has a particular operating principle which allows the hacker to load a legitimate site straight in the URL section and replace the harmless address with a malicious or even virus-related one. While in the past users checked the URL address of the website to make sure that it is not fake, nowadays it might cause no effect, as the spoofed URL does not differ from the original one.
According to research, hackers can load the legitimate web page, re-write the body code to something malicious, without changing the URL. Using such weakness, hackers can easily produce fake login screens from Facebook, Gmail, and Twitter which would allow them to steal various sensitive information including credential details from users who are tricked by the legitimate-looking URL.
Apple gave no oriental details about the issue fixing time limit
Even though Microsoft managed to fix the issue and Apple did not representatives of the latter company claimed that the bug would be taken care of together with the next Safari browser security update. However, according to Baloch, Apple did not give any current details or dates of the time when the fix will be applied.
While Safari and Edge were affected by the bug, other browsers such as Google Chrome and Mozilla Firefox remain secure. Microsoft and Apple faced a disclosure of the remaining vulnerabilities and were given 90-day time duration to sort everything out before Baloch publicly announced about the failure.
Moreover, the IT researcher measured the risk of vulnerabilities on Edge and Safari, and discovered that such bug is way easier to use on the latter: