Apple’s Safari, Microsoft’s Edge vulnerable to cyber criminals

McAfee security expert Gary Davis urged users to not leave their computers unattended since the hacker would require physical access to a user’s computer.

Published: 15th September 2018 05:53 AM  |   Last Updated: 15th September 2018 05:53 AM   |  A+A-

Express News Service

HYDERABAD:  Security experts on Friday urged netizens to keep off Apple’s Safari and Microsoft’s Edge for the time being and instead use other browsers until the detected security flaws are rectified. A bug in the two browsers could allow a cyber-criminal to edit a website address while a page is being loaded, and could redirect one to a fake/malicious website.

The threat came was observed on Wednesday after it was detected by Rafay Baloch, a security expert, who found that a delay while loading a website, induced by ‘setInterval’ function, managed to trigger address bar spoofing in the browsers. Baloch said, “It could potentially trick users into supplying sensitive information to a malicious website due to the fact that it could easily lead the users to believe that they are visiting is legitimate website as the address bar points to the correct website.”

Srinivas Kodali, an independent security researcher, said, “Since not all security issues will be resolved immediately, the next best thing to do would be to use an alternative software until a security update is available.” Since the red flagging of the issue, Microsoft and Apple have been intimated of the vulnerability. As of now, though Microsoft has issued a fix, Apple has not, leaving millions of users at risk. 

McAfee security expert Gary Davis urged users to not leave their computers unattended since the hacker would require physical access to a user’s computer. “Now that this vulnerability has been disclosed, it’s important that you keep a close eye on your computer until you apply any necessary updates,” he said. He also urged netizens to update software whenever their is an update available. “If you tend to forget to update your browser, a simple trick is just turning on automatic update,” Davis said. That apart, since it’s tricky to identify malicious websites from authentic ones, he recommended investing in a good antivirus.

Stay up to date on all the latest Hyderabad news with The New Indian Express App. Download now
(Get the news that matters from New Indian Express on WhatsApp. Click this link and hit 'Click to Subscribe'. Follow the instructions after that.)

Comments

Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the newindianexpress.com editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on newindianexpress.com are those of the comment writers alone. They do not represent the views or opinions of newindianexpress.com or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. newindianexpress.com reserves the right to take any or all comments down at any time.

facebook twitter whatsapp