Address bar spoofing flaws are not really new or innovative. In fact, spoofing or masking URLs on desktop web browsers has been an old tactic in hacker textbooks to dupe users into downloading malware or succumbing to ransomware. However, with time, desktop browsers have added multiple safeguards, including certificate authentication and URL inspections built into address bars. This has not been possible with mobile browsers, primarily due to the constraint of screen space. Exploiting this, hackers are seemingly running malicious scripts on webpages that force a website to reload.
It is during this reload loop that the hackers are routing your webpage to a malicious site. To disguise the redirect, the hackers have so far been using the address bar vulnerabilities to spoof or mask the URL displayed. As a result, your phone will likely show you a legitimate website address, and as an average, non-savvy user, you may not easily recognise the spoof. The vulnerability is being ranked as critical since it could have led to you downloading malware of varying severity, in turn compromising the security of all data stored on your phone.
According to Rapid7, Apple has already patched the security flaw on Safari, which was last seen in iOS 13.6. Opera, a mostly respected name in the field of web browsers, has also promised…