- Tech
-
-
Tech
The gadgets, platforms, and software that make your digital life possible. If it bleeps, clicks or blinks, you’ll find it here.
-
Devices
-
Categories
-
-
- Internet Culture
-
-
Internet Culture
-
Categories
-
Featured
-
-
- Streaming
-
-
Streaming
-
Services
-
Featured
-
-
- IRL
-
-
IRL
-
Categories
-
Featured
-
-
- Social
-
-
Social
-
Categories
-
Featured
-
-
- Live TV
-
-
Live TV
-
Services
-
Guides
-
-
- More
- Search
See all Editor's Picks →
See all Popular →
Represented by Complex Media, Inc. for advertising sales.
Privacy Policy Terms & Conditions Ethics
Latest
- Did Muslims on Twitter already figure out the twist ending to Netflix’s ‘Messiah’? 1 Year Ago
- How ‘Knives Out’ costume designer Jenny Eagan crafted the coziest film of 2019 Today 11:30 AM
- Photo of Uber office bathrooms renews concerns about treatment of drivers Today 11:29 AM
- Netflix’s ‘Holiday Rush’ is a fun Christmas movie to unwrap and forget Today 11:28 AM
- Tom Holland on the ‘drunk’ phone call that led to Spider-Man staying in the MCU Today 10:47 AM
- Artist banned from Twitch for drawing Alinity Divine’s dog sniffing her butt Today 10:13 AM
- Republicans are still angry over a Barron Trump impeachment joke Today 9:12 AM
- Pelosi calls for House to proceed with impeachment against Trump Today 8:51 AM
- Justin Timberlake posts apology amid cheating rumor Today 7:51 AM
- ‘The Expanse’ makes a triumphant return with season 4 Today 6:30 AM
- ‘A Christmas Prince: The Royal Baby’ is a disappointing sequel Today 5:00 AM
- Spanish ‘Big Brother’ contestant forced to watch footage of her own alleged sexual assault Today 12:35 AM
- There’s a lot you can say during sex and also while at Disney World Wednesday 9:34 PM
- Peloton shows 3 positive emails and a Facebook post to prove its ad wasn’t cringe Wednesday 8:23 PM
- Bhad Bhabie accused of cultural appropriation, then criticized Black women with her defense Wednesday 7:23 PM
Careful what you click: Safari has an unpatched URL vulnerability
It’s a good reminder not to click links in emails.
Security researcher Rafay Baloch disclosed a particularly sneaky-sounding security issue to Apple and Microsoft earlier this summer. Both Apple‘s Safari browser and Microsoft‘s Edge browser could be tricked by a URL spoofing vulnerability, which shows a web user the URL of a “safe” website, when users have in fact inadvertently visited a malicious site. Microsoft patched the vulnerability for its Edge web browser, but Apple hasn’t yet fixed the security issue in Safari.
Baloch details the URL spoofing vulnerability in a blog post. It starts via a standard phishing technique: An email urges you to click a link, which looks like a normal, safe URL. Once tapped, the link sends you to a different destination. Normally, you’d at least notice this discrepancy once the website loaded and you saw the site’s URL. However, because Safari allows the address bar to be updated via Javascript as a site is loading, a website can spoof the safe URL, hiding the fact that you’ve actually landed on a malicious phishing site.
This particular URL spoofing vulnerability is a good reminder not to trust links that are delivered via text or email. If you receive an email from your bank, a security alert for one of your accounts, or an email with a link for obtaining a prize you’ve won, open a new tab and type in the URL directly, rather than clicking the link from the email itself. While it’s a pain, this is particularly important on your phone, as it’s sometimes more difficult to notice the URL you’re being taken to.
Baloch discovered the bug three months ago, at which point he alerted Apple and Microsoft. After waiting the customary 90 days for the URL spoofing vulnerability to be fixed, he publicly disclosed details around the issue. With macOS Mojave likely coming out soon, it’s possible Apple could include a fix in this software update or in a software patch to be delivered in the coming weeks.
H/T the Register

Christina Bonnington
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.