Security Bugs in Apple’s Safari Browser Makes Iphone Users Vulnerable to Hacking Attack

iPhone users are once again become prone to hacking attack. Personal data of around 1 Billion users of iPhone became vulnerable as Apple's default internet browser, Safari, has been detected with a security flaw that the hackers may exploit.

Rafay Baloch, the information security expert of Pakistan, caught hold of the security flaws in the Safari browser as well as default browser of Microsoft called Edge, a few months ago.

As far as the standard practice goes of alerting the companies about the loopholes, Baloch issued an alert privately to both the companies, telling them that the security flaw can be exploited by the hackers while imitating websites, for which they would not even require to change the browser's URL addresses.

As per the details shared by Baloch with Samaa Digital, it was informed that the attackers can load pages on the Safari and Edge browsers that were having fake log-ins as well as other forms without even altering the URLs. Those valid URLs hence gave the impression to the users that the pages are legitimate.

Baloch, on this, further commented that, "this flaw undermines Google's claim that the address bar is the only reliable security indicator in modern browsers".

After Baloch, the information security expert, shared his findings and evidences of security flaws with the companies, Microsoft came into action and resolved the issue. However, Apple is yet to resolve the issue as the problem on its browser still exists. Hence, the iPhone users are still vulnerable to the spoofing attack.

Jonathan, from Product Security Department of Apple, wrote back to Rafay Baloch that, "to avoid placing our customers at risk, we would appreciate you not disclosing this information until our investigation is complete and any necessary updates are publicly available".

However, Baloch insisted that a responsible disclosure was made by him, and as per the international practice, Apple was given more than 100 days to fix the security issue before it was made public. Baloch has made Youtube videos demonstrating how hackers can use the bug to imitate a website for stealing information of users such as usernames and passwords.

In earlier instances, Baloch has helped Paypal, Google and many other tech firms to fix the security flaws within their information systems. His work has already earned him praise and accolades, and has made him one of world's leading experts in information security.

» SPAMfighter News - 9/26/2018