back to article Safari, Edge fans: Is that really the website you think you're visiting? URL spoof bug blabbed

A security researcher has disclosed a bug that could be abused to spoof website addresses in either Edge or Safari. Rafay Baloch told The Register that while Microsoft has since patched the flaw (CVE-2018-8383) in its browser, Apple has been dragging its feet on a fix for Safari for weeks, and the browser remains vulnerable …

  1. Anonymous Coward
    Anonymous Coward

    Edge has fans???

    That's the real news here

    A browser with IE3 feature set, and a UI so minimal it was obviously designed by someone from the windows 10 disaster.

    I only use Edge when forced to do so by Microsoft product tying (SharePoint) in their desperate bid to win back market share.

    Isn't product tying one of the key anti-competitive practices.?.

    1. chivo243 Silver badge
      Happy

      Re: Edge has fans???

      @AC

      I see both Edge users have down voted you!

      1. Anonymous Coward
        Anonymous Coward

        Re: Edge has fans???

        Oh no, there's a 3rd - must have been reading this while downloading a real browser.

      2. illuminatus

        Re: Edge has fans???

        "Aw fuck, there's 8 o' them!"

    2. Cuddles Silver badge

      Re: Edge has fans???

      "I only use Edge when forced to do so by Microsoft product tying (SharePoint) in their desperate bid to win back market share."

      Product tying with Sharepoint? Works perfectly well in Firefox and Chrome when we're forced to use it at work.

    3. Narg

      Re: Edge has fans???

      Here's some news for you idiots. Edge has been patched on this flaw, Safari has not. Besides what company does NOT tie other products together? Grow a pair.

  2. A.P. Veening Silver badge

    Responsible disclosure

    I'd give it another 30 days for Apple to release a patch, but I would certainly post the POC after 120 days.

    1. GnuTzu
      Megaphone

      Re: Responsible disclosure -- Responsible Display

      That URL bar needs to tell the truth. We've already seen hacks using look-alike international characters.

  3. DJV Silver badge

    "We've yet to hear from Apple about the state of its flaw"

    "We've yet to hear from Apple about anything"

    FTFY

  4. Anonymous Coward
    Anonymous Coward

    Safari's broken affairs...

    I'm not surprised with Apple's ignorance, typical. The browser anyway is a mega crap for self-determined masochists.

    1. Dan 55 Silver badge

      Re: Safari's broken affairs...

      It does work for eBay, unlike Firefox ESR 52.9.0 where that bug will never be fixed because I'm not updating it. Ever.

      (Looking at Waterfox...)

      1. EnviableOne Silver badge

        Re: Safari's broken affairs...

        ahh come on, if intell hadnt spectre'd up their speculative execution, FF Quantum was a shot in the arm and a lot quicker at loading

        and to be fair, ESR 60.2 isnt half bad and leaps and bounds ahead of 60, i've nearly got it back to what it was on 52.8

        NPAPI needed to go the journey

  5. GeekyDee

    I don't know

    They could probably fix it by hiding some of the URL with some more code, maybe?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021