Safari exploit allows attackers to spoof URLs

Tech-wizard scientists have discovered a crack in the Safari web browser’s armor that will let evildoers trick it into showing false information in its address bar.

The exploit could lead to users giving up sensitive information when they think they’re just trying to buy some pants or something.

Security firm Deusen, which uncovered a serious bug in Internet Explorer back in February, showed the trick to Ars Technica. The exploit works by using a short script to force Safari to load another page while still displaying the URL for the original destination (see above).

Deusen has posted its demonstration online. Clicking “Go” on that page in Safari will return the reality-bending, not-Daily Mail page. If you click it in Chrome, however, it’ll just twitch around a lot and then send you to the real Daily Mail.

… or does it?

I don’t know what’s real anymore.

Evan Killham

Evan Killham is a freelance writer who lives in Nebraska and isn’t interested in football, so he has plenty of time to play and think about video games. He has written for Bitmob and GamesBeat and sometimes, he even goes outside. But not too often because he’s heard there are bees out there. Occasionally, companies send free units for review. Evan subscribes to Cult of Mac’s Reviews Policy and also does not keep the items he receives for possible coverage.