Dangers on Safari
…well, not just Safari…
(1)
First, how an unfortunate combination of CSS and HTML – the Safari Reaper attack – can crash iOS and/or macOS.
- Bleeping Computer: New CSS Attack Restarts an iPhone or Freezes a Mac – “A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug.”
- John Leyden for The Register: Check out this link! It’s not like it’ll crash your iPhone or anything – “A few lines of code that Apple’s browser simply can’t handle”
(2)
How an attack on Safari can expose you to malicious action such as phishing by spoofing a URL in the address bar:
- The Hacker News: Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs – “…While Microsoft fixed the address bar URL spoofing vulnerability last month as part of its monthly security updates, Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks…”
- Paul Ducklin for Sophos: Browser security hole on Macs and iPhones – just how bad is it? Sanity checking on the Edge/Safari story (Edge has now been patched) from a very experienced researcher.
David Harley
*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: https://macviruscom.wordpress.com/2018/09/17/dangers-on-safari/