CyberSecurity news
FlagThis
CyberNewswire@hackread.com
//
SquareX has released new threat research highlighting a sophisticated Fullscreen Browser-in-the-Middle (BitM) attack that targets Apple Safari users. This attack exploits a flaw in the browser's Fullscreen API, allowing attackers to create a convincing fullscreen window that mimics a legitimate login page. By using a remote browser, victims are tricked into interacting with an attacker-controlled browser via a pop-up window, divulging credentials and other sensitive information, thinking they are using a regular browser window. Mandiant has highlighted the increasing use of BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps.
The Safari-specific implementation flaw uses the Fullscreen API to create a BitM window in fullscreen mode, concealing the suspicious URL from the parent window. Safari users are particularly vulnerable due to the lack of clear visual indicators when entering fullscreen mode, making it difficult to distinguish between a legitimate page and a fake one. Attackers can easily embed a fake login button within the pop-up window that triggers the Fullscreen API upon being clicked. The current Fullscreen API requires user interaction to trigger fullscreen mode, but it does not specify the type of interaction required.
SquareX disclosed this vulnerability to Apple, but they were informed that there is no plan to address the issue. According to SquareX researchers, the Fullscreen BitM attack highlights architectural and design flaws in browser APIs, specifically the Fullscreen API. They emphasized that users could unknowingly click on a fake button and trigger a fullscreen BitM window, especially in Safari, where the lack of clear fullscreen mode cues allows threat actors to steal user credentials stealthily. This exploit renders existing security solutions obsolete when it comes to detecting this type of BitM attack.
ImgSrc: hackread.com
References :
The Safari-specific implementation flaw uses the Fullscreen API to create a BitM window in fullscreen mode, concealing the suspicious URL from the parent window. Safari users are particularly vulnerable due to the lack of clear visual indicators when entering fullscreen mode, making it difficult to distinguish between a legitimate page and a fake one. Attackers can easily embed a fake login button within the pop-up window that triggers the Fullscreen API upon being clicked. The current Fullscreen API requires user interaction to trigger fullscreen mode, but it does not specify the type of interaction required.
SquareX disclosed this vulnerability to Apple, but they were informed that there is no plan to address the issue. According to SquareX researchers, the Fullscreen BitM attack highlights architectural and design flaws in browser APIs, specifically the Fullscreen API. They emphasized that users could unknowingly click on a fake button and trigger a fullscreen BitM window, especially in Safari, where the lack of clear fullscreen mode cues allows threat actors to steal user credentials stealthily. This exploit renders existing security solutions obsolete when it comes to detecting this type of BitM attack.
ImgSrc: hackread.com
Share:
References :
- hackernoon.com: Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials
- cyberinsider.com: Apple Safari Users Vulnerable to Stealthy Browser Attacks
- BleepingComputer: Apple Safari exposes users to fullscreen browser-in-the-middle attacks
- CyberInsider: Apple Safari Users Vulnerable to Stealthy Browser Attacks
- Daily CyberSecurity: Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari
- hackread.com: Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari
Classification:
- HashTags: #BitM #Safari #Phishing
- Company: SquareX
- Target: Safari users
- Product: Safari
- Feature: Browser-in-the-Middle Attack
- Type: Hack
- Severity: Medium