Safari exploit allows attackers to spoof URLs

By

Whatever, Safari. I'm not believing a thing you say anymore.
Whatever, Safari. I'm not believing a thing you say anymore.
Screenshot: Evan Killham/Cult of Mac

Tech-wizard scientists have discovered a crack in the Safari web browser’s armor that will let evildoers trick it into showing false information in its address bar.

The exploit could lead to users giving up sensitive information when they think they’re just trying to buy some pants or something.

Security firm Deusen, which uncovered a serious bug in Internet Explorer back in February, showed the trick to Ars Technica. The exploit works by using a short script to force Safari to load another page while still displaying the URL for the original destination (see above).

Deusen has posted its demonstration online. Clicking “Go” on that page in Safari will return the reality-bending, not-Daily Mail page. If you click it in Chrome, however, it’ll just twitch around a lot and then send you to the real Daily Mail.

… or does it?

I don’t know what’s real anymore.