Friday, April 19, 2024

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library

Home
Security Creators Network
Webinars
Events
- Upcoming Events
- On-Demand Events
Sponsored Content
Chat
Library
Related Sites
Media Kit
About
Sponsor

Analytics
AppSec
CISO
Cloud
DevOps
GRC
Identity
Incident Response
IoT / ICS
Threats / Breaches
More
Humor

Hot Topics

USENIX Security ’23 - Inductive Graph Unlearning
From DAST to dawn: why fuzzing is better solution | Code Intelligence
Scaling Application Security With Application Security Posture Management (ASPM)
Crunching Some Numbers on PHP Support
Google Chrome DBSC Protection Tested Against Cookie Attacks

SBN News Security Bloggers Network

Home » Cybersecurity » SBN News » Dangers on Safari

Dangers on Safari

by David Harley on September 17, 2018

…well, not just Safari…

(1)

First, how an unfortunate combination of CSS and HTML – the Safari Reaper attack – can crash iOS and/or macOS.

Bleeping Computer: New CSS Attack Restarts an iPhone or Freezes a Mac – “A new attack has been discovered that will cause iOS to restart or respring and macOS to freeze simply by visiting a web page that contains certain CSS & HTML. Windows and Linux users are not affected by this bug.”
John Leyden for The Register: Check out this link! It’s not like it’ll crash your iPhone or anything – “A few lines of code that Apple’s browser simply can’t handle”

(2)

How an attack on Safari can expose you to malicious action such as phishing by spoofing a URL in the address bar:

Techstrong Con 2024

Sponsorships Available

Sponsorships Available

Sponsorships Available

The Hacker News: Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs – “…While Microsoft fixed the address bar URL spoofing vulnerability last month as part of its monthly security updates, Safari is still unpatched, potentially leaving Apple users vulnerable to phishing attacks…”
Paul Ducklin for Sophos: Browser security hole on Macs and iPhones – just how bad is it? Sanity checking on the Edge/Safari story (Edge has now been patched) from a very experienced researcher.

David Harley

*** This is a Security Bloggers Network syndicated blog from Mac Virus authored by David Harley. Read the original post at: https://macviruscom.wordpress.com/2018/09/17/dangers-on-safari/

September 17, 2018September 17, 2018 David Harley Apple, css, ios, iPhones, macos, Phishing, spoofing

← The Joy of Tech®’s ‘Post Apple Keynote Grouches’
Webinar: Breaking into IT — From First Job to Advanced Certs with CompTIA →

Techstrong TV

Click full-screen to enable volume control

Watch latest episodes and shows

Upcoming Webinars

Mastering AI Security Posture Management for Cloud Security Professionals

Building better AppSec programs with ASPM

The Promise and Perils of AI

How Are You Protecting Your Company from API Security Breaches?

How Many Types of SBOM Are There?

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

Most Read on the Boulevard

Cheap ‘Junk-Gun Ransomware’ Emerging on the Dark Web

Vulnerabilities for AI and ML Applications are Skyrocketing

SIM Swappers Try Bribing T-Mobile and Verizon Staff $300

Ex-Security Engineer Gets Three Years in Prison for $12 Million Crypto Hacks

House Passes Privacy-Preserving Bill, but Biden Blasts it

USENIX Security ’23 – NRDelegationAttack: Complexity DDoS attack on DNS Recursive Resolvers

Palo Alto Networks PAN-OS Command Injection Vulnerability (CVE-2024-3400)

MY TAKE: GenAI revolution — the transformative power of ordinary people conversing with AI

Critical RCE Vulnerability in 92,000 D-Link NAS Devices

What are Identity Providers (IdP)?

Industry Spotlight

API Security Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Privacy Deep Fake and Other Social Engineering Tactics Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Industry Spotlight Insider Threats IOT IoT & ICS Security Mobile Security Most Read This Week News Popular Post Regulatory Compliance Securing the Cloud Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threats & Breaches Zero-Trust

House Passes Privacy-Preserving Bill, but Biden Blasts it

April 18, 2024 Richi Jennings | Yesterday 0

Application Security Cybersecurity Data Privacy Data Security DevOps Industry Spotlight Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight

XZ Utils-Like Takeover Attempt Targets the OpenJS Foundation

April 17, 2024 Jeffrey Burt | 1 day ago 0

Analytics & Intelligence Cyberlaw Cybersecurity Data Privacy Data Security Deep Fake and Other Social Engineering Tactics Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Insider Threats Mobile Security Most Read This Week Network Security News Popular Post Regulatory Compliance Securing the Edge Security at the Edge Security Awareness Security Boulevard (Original) Security Challenges and Opportunities of Remote Work Security Operations Social - Facebook Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Zero-Trust

SIM Swappers Try Bribing T-Mobile and Verizon Staff $300

April 16, 2024 Richi Jennings | 3 days ago 0

Top Stories

AI and ML in Security Application Security Cybersecurity Featured News Security Awareness Security Boulevard (Original) Security Operations Social - Facebook Social - X Threat Intelligence Threats & Breaches Vulnerabilities

Vulnerabilities for AI and ML Applications are Skyrocketing

April 18, 2024 Nathan Eddy | Yesterday 0

Cybersecurity Data Security Endpoint Featured Malware Network Security News Security Boulevard (Original) Spotlight Threat Intelligence

Cheap ‘Junk-Gun Ransomware’ Emerging on the Dark Web

April 18, 2024 Jeffrey Burt | Yesterday 0

Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight

Cisco Taps AI and eBPF to Automate Security Operations

April 18, 2024 Michael Vizard | Yesterday 0

Security Humor

Randall Munroe’s XKCD ‘Eclipse Path Maps’

Randall Munroe’s XKCD ‘Eclipse Path Maps’

Download Free eBook

The State of Cloud Native Security 2020

Join the Community

Add your blog to Security Creators Network
Write for Security Boulevard
Bloggers Meetup and Awards
Ask a Question
Email: [email protected]

Useful Links

About
Media Kit
Sponsor Info
Copyright
TOS
DMCA Compliance Statement
Privacy Policy

Related Sites

Techstrong Group
Cloud Native Now
DevOps.com
Digital CxO
Techstrong Research
Techstrong TV
Techstrong.tv Podcast
DevOps Chat
DevOps Dozen
DevOps TV

Powered by Techstrong Group

Copyright © 2024 Techstrong Group Inc. All rights reserved.