0-day artfully opens the door to phishing

A proof of concept (PoC) shows how a piece of JavaScript can make a Safari user believe they are visiting the Daily Mail site, as indicated by the address bar, when that is by no means the case. The content displayed actually comes from deusen.co.uk.

The PoC code appears to send the Safari user to the Daily Mail URL, but the script "quickly loads another URL before the legitimate page can be loaded", as Jeremiah Grossman of WhiteHat Security explained to Ars Technica. He calls it a clever hack.
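The following is an added illustration of the race Grossman describes, written for this article; it is not Deusen's PoC and not code from the article or from Apple. It models a browser tab in which the address bar is updated as soon as a navigation starts, while the rendered document only changes when that navigation commits. An attacker page that keeps restarting the navigation to the legitimate URL (with a changing query string, so nothing is cached) can then hold the legitimate URL in the bar indefinitely while its own document stays on screen. The hardened model beside it updates the bar only on commit. The two URLs are assumed for the demo.

```javascript
// Constructed model of the address bar / document desync, not browser source code.
// Assumed URLs for the demo (the article names both sites but not the exact paths).
const ATTACKER_URL = 'https://deusen.co.uk/poc.html';
const LEGIT_URL = 'https://www.dailymail.co.uk/home/index.html';

class TabModel {
  // barFollowsCommit = false: the bar shows a navigation's URL as soon as it starts
  //   (the behaviour the PoC abuses).
  // barFollowsCommit = true: the bar changes only when the new document commits.
  constructor(barFollowsCommit) {
    this.barFollowsCommit = barFollowsCommit;
    this.addressBar = 'about:blank';
    this.contentOrigin = null; // origin of the document currently rendered
    this.pending = null;       // URL of an in-flight navigation, if any
  }

  startNavigation(url) {
    this.pending = url; // starting a new navigation cancels the previous one
    if (!this.barFollowsCommit) this.addressBar = url;
  }

  finishNavigation() {
    if (this.pending === null) return;
    // Document and address bar change together at commit time.
    this.contentOrigin = new URL(this.pending).origin;
    this.addressBar = this.pending;
    this.pending = null;
  }

  // The security property: what the bar claims must match what is rendered.
  isSpoofed() {
    return this.contentOrigin !== null &&
      new URL(this.addressBar).origin !== this.contentOrigin;
  }
}

// Attacker page logic as the article describes it: keep re-issuing the legitimate
// URL faster than it can load, so the navigation never commits. Each call to
// startNavigation() cancels the previous, still-pending one.
function spoofAddressBar(tab, legitUrl, iterations) {
  for (let i = 0; i < iterations; i++) {
    tab.startNavigation(`${legitUrl}?r=${i}`);
  }
  return tab;
}

// Victim lands on the attacker's page (that one does commit), then the loop runs.
function simulate(barFollowsCommit) {
  const tab = new TabModel(barFollowsCommit);
  tab.startNavigation(ATTACKER_URL);
  tab.finishNavigation();
  spoofAddressBar(tab, LEGIT_URL, 50);
  return {
    addressBar: tab.addressBar,
    contentOrigin: tab.contentOrigin,
    spoofed: tab.isSpoofed(),
  };
}

console.log('vulnerable model:', simulate(false));
console.log('hardened model:  ', simulate(true));
```

In the vulnerable model the bar ends up reading a dailymail.co.uk URL while the rendered document is still from deusen.co.uk, which is exactly the state the PoC puts a Safari user in; nothing the Daily Mail's servers can do changes it, since their page is never actually loaded. The property the hardened model enforces, that the bar only changes once a document commits (or reverts when a navigation is cancelled), is what a fix has to restore; the article does not say what Apple changed.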

This is only a demo, but malicious exploitation could be much more serious, for example stealing login credentials or installing malware from a site the user believes to be trusted. For the moment, there is no report of such an attack in the wild.

The vulnerability, dubbed iWhere, affects the most up-to-date versions of Safari for both OS X and iOS. It was found by a group of security researchers known as Deusen. The same group made news last February by disclosing a cross-site scripting (XSS) vulnerability in Internet Explorer that enabled hard-to-detect phishing.

It remains to be seen how Apple will respond.