- Jacob Wohl returns to Twitter … for now Today 1:56 PM
- How to stream WWE Raw Reunion Today 1:35 PM
- ‘I hope Trump deports you’: Woman goes on racist rant to Spanish speakers at a store Today 1:24 PM
- Emoji Mashup Bot gives life to unidentifiable emotions Today 1:15 PM
- Notorious grifter Anna Sorokin reportedly blocked from profiting off Netflix series Today 12:45 PM
- Charlottesville attacker’s Twitter account included praise for Hitler Today 12:10 PM
- ‘Short Treks’ trailer: Spock, Pike, and Number One return Today 11:57 AM
- Everything we know about ‘Star Trek: Lower Decks,’ the new animated show Today 11:55 AM
- Cole Carrigan says he left Team 10 after being called homophobic slur Today 11:32 AM
- Cop under investigation after implying Ocasio-Cortez should be shot Today 11:07 AM
- The ‘Big Little Lies’ finale sucked—but at least we have Renata Today 11:01 AM
- Wendy Davis announces she’s running for Congress Today 10:45 AM
- Please stop being horny on main for #IceBae and other horrible people Today 10:02 AM
- Illinois Republicans share ‘jihad squad’ meme of 4 Dem congresswomen Today 9:05 AM
- How a deepfake gets made Today 8:25 AM
Security researcher Rafay Baloch disclosed a particularly sneaky-sounding security issue to Apple and Microsoft earlier this summer. Both Apple‘s Safari browser and Microsoft‘s Edge browser could be tricked by a URL spoofing vulnerability, which shows a web user the URL of a “safe” website, when users have in fact inadvertently visited a malicious site. Microsoft patched the vulnerability for its Edge web browser, but Apple hasn’t yet fixed the security issue in Safari.
This particular URL spoofing vulnerability is a good reminder not to trust links that are delivered via text or email. If you receive an email from your bank, a security alert for one of your accounts, or an email with a link for obtaining a prize you’ve won, open a new tab and type in the URL directly, rather than clicking the link from the email itself. While it’s a pain, this is particularly important on your phone, as it’s sometimes more difficult to notice the URL you’re being taken to.
Baloch discovered the bug three months ago, at which point he alerted Apple and Microsoft. After waiting the customary 90 days for the URL spoofing vulnerability to be fixed, he publicly disclosed details around the issue. With macOS Mojave likely coming out soon, it’s possible Apple could include a fix in this software update or in a software patch to be delivered in the coming weeks.
H/T the Register
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.