If you're using either Safari (or earlier in the week, Edge), you might be in for a little paranoia. Security researchers have discovered a flaw in the two browsers which allowed hackers to spoof website addresses.
Microsoft has already patched the vulnerability in its Edge browser, while Apple's Safari remains vulnerable to this moment, it was said.
So, how does the vulnerability work? In layman's terms, a victim could start loading the real page, making the URL appear in the address bar. Then, in the middle of it all, the code in the page could move the victim to a more malicious address, while the URL stays the same.
Say hello to fake login screens and landing pages.
"During my testing, it was observed that upon requesting data from a non-existent port the address was preserved and hence due to a race condition over a resource requested from non-existent port combined with the delay induced by setInterval function managed to trigger address bar spoofing," Rafay Baloch, who discovered the vulnerabilities, told The Register (opens in new tab).
"It causes browser to preserve the address bar and to load the content from the spoofed page. The browser will however eventually load the resource, however the delay induced with setInterval function would be enough to trigger the address bar spoofing."
Apple has yet to release a patch for the issue, but has been alerted to the problem.
Image source: Shutterstock/Sergey Nivens