Researchers at cyber-security firm Rapid7 have claimed that several popular mobile browsers are affected by ten new ‘Address Bar Spoofing’ vulnerabilities, jeopardizing the privacy and digital security of their users. According to the report, the affected browsers include Safari, Opera Touch, Opera Mini, Bolt, RITS, UC Browser and Yandex Browser.
The issues were discovered earlier this year by Rapid7 researchers in association with Pakistani cyber-security analyst Rafay Baloch, and were reported to the respective developers in August. While Apple has since released a fix for Safari, Opera says it will roll out a patch on November 11. The rest of the developers are said to have either ignored the warnings or failed to follow up after an initial response.
While address bar spoofing has existed since the early days of the World Wide Web, most desktop browsers have added several layers of protection over the years to prevent websites from hiding their true identity from visitors. However, because of space constraints on mobile devices, some of the security checks for spoofing cannot be easily accommodated there, making them many times more vulnerable to such attacks.
You can learn more technical details about the findings on Baloch’s website or the Rapid7 blog.