Safari Security Alert: Fullscreen Flaw Helps Scammers Steal Logins

A new security vulnerability has been discovered in Apple’s Safari web browser that could make it easier for attackers to steal your sensitive login information. This flaw relates to how Safari handles fullscreen mode, potentially enabling a sophisticated type of phishing attack known as “Browser-in-the-Middle” (BitM). Essentially, attackers can create fake login screens that are much harder to distinguish from the real ones, specifically targeting Safari users due to how the browser displays fullscreen content. This means your passwords for various online accounts could be at greater risk.

What is a ‘Browser-in-the-Middle’ (BitM) Attack?

Think of a BitM attack as a high-tech imposter sitting between you and a website you want to visit. Instead of directly connecting to the real site (like your bank or email), you are tricked into connecting to an attacker-controlled system. This system then connects to the real website and shows you what looks like the legitimate page.

The attacker uses special tools to display this legitimate page within a window on your computer. When you try to log in by typing your username and password into this window, you’re actually sending that information directly to the attacker, not the real website. The attacker captures your credentials and might even forward them to the real site so you log in successfully, making you unaware that your details have just been stolen.

How the Fullscreen Trick Makes it Worse

The biggest challenge for scammers using BitM is making their fake window look convincing. Normally, you’d check the website address in your browser’s URL bar to ensure you’re on the right site.

This is where the fullscreen vulnerability comes in. Browsers have a feature called the Fullscreen API, which allows web content (like videos or games) to take over your entire screen. Attackers can abuse this API to make their malicious BitM window go fullscreen.

When the attacker’s window goes fullscreen, it can effectively hide the real browser interface, including the crucial URL address bar. This makes it incredibly difficult to verify if you’re on the legitimate site or just looking at a fullscreen fake page controlled by the attacker.

Getting you to the initial fake site that launches this attack usually happens through common phishing methods, such as deceptive ads you see online or malicious links shared via email or social media.

Why Safari is More Vulnerable Here

While the fullscreen trick can be attempted on most browsers, security researchers from SquareX found it’s particularly effective and dangerous on Safari.

Here’s why: Other popular browsers, like Google Chrome and Mozilla Firefox, provide clear visual cues when a website enters fullscreen mode. They typically display a prominent message or indicator telling you that you are now in fullscreen. This serves as a useful warning signal that something has changed and prompts you to be cautious.

Comparison showing the clear fullscreen mode warning messages displayed in the Firefox browser (left) and Google Chrome browser (right).

Safari, however, does not show a clear alert or message. According to the researchers, the only indication is a subtle animation as the window expands to fullscreen. This small visual change is easily missed by most users who aren’t actively looking for it, making it simple for the attacker’s fullscreen fake window to perfectly mimic the real login page without triggering suspicion. This lack of a strong warning makes the BitM attack significantly more convincing for Safari users.
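As an added example (not code from the article, from SquareX, or from Apple), one way a defender can give Safari users the cue the browser omits: a browser-extension content script that listens for fullscreen changes and overlays a banner naming the page's real origin. The extension packaging, element id, wording and styling are this example's own assumptions.

```javascript
// Added example: content script that supplies the fullscreen indicator Safari
// lacks. On every fullscreen change it overlays a banner naming the page's real
// origin, so a fullscreen login form (however it is rendered) still shows the
// user where they actually are. Element id, wording and styling are assumed.

const BANNER_ID = 'fullscreen-origin-warning'; // assumed id, any unique value works

// Text to show for a given fullscreen state and origin; null when not fullscreen.
// Kept pure so the logic can be tested outside a browser.
function fullscreenWarning(isFullscreen, origin) {
  if (!isFullscreen) return null;
  return 'FULLSCREEN: you are on ' + origin +
    '. The address bar is hidden. Press Esc before typing a password.';
}

// Older Safari exposed only the webkit-prefixed property; check both.
function currentFullscreenElement(doc) {
  return doc.fullscreenElement || doc.webkitFullscreenElement || null;
}

// Create, update or remove the banner. In fullscreen only the fullscreen
// element (the "top layer") is painted, so the banner must live inside it.
function renderBanner(doc, fsElement, text) {
  let el = doc.getElementById(BANNER_ID);
  if (!text) { if (el) el.remove(); return; }
  if (!el) {
    el = doc.createElement('div');
    el.id = BANNER_ID;
    el.style.cssText = 'position:fixed;top:0;left:0;right:0;z-index:2147483647;' +
      'background:#b00020;color:#fff;font:bold 16px sans-serif;padding:12px;' +
      'text-align:center;pointer-events:none';
  }
  el.textContent = text;
  // (Re)append so the banner sits inside the element that is currently fullscreen.
  (fsElement || doc.body).appendChild(el);
}

// Recompute state and redraw; called on each fullscreen change.
function onFullscreenChange(doc, origin) {
  const fs = currentFullscreenElement(doc);
  renderBanner(doc, fs, fullscreenWarning(fs !== null, origin));
}

// Wire up only when running inside a page (content script); skipped under Node.
if (typeof document !== 'undefined') {
  const handler = () => onFullscreenChange(document, location.origin);
  document.addEventListener('fullscreenchange', handler);
  document.addEventListener('webkitfullscreenchange', handler); // older Safari
}
```

If the fullscreen element is something the script cannot draw into (for example a cross-origin iframe), the banner will not be visible, and a stricter policy would be to call `doc.exitFullscreen()` in that case. Page scripts share the DOM and could remove the banner, so treat it as a cue for the user rather than a security boundary.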

What Apple Says About It

SquareX researchers responsibly reported their findings about this specific fullscreen vulnerability to Apple.

However, according to the researchers, Apple responded by stating they would “not fix” the issue by adding a more prominent warning. Apple reportedly indicated that the existing subtle animation when entering fullscreen was sufficient to alert users to the change. As of the original report, it appears Apple does not plan to implement a clearer visual cue like those found in Chrome or Firefox.

What This Means for You

This discovery highlights a specific risk for users who primarily use Safari for browsing and logging into accounts. While the underlying BitM attack method isn’t new, the way it exploits Safari’s fullscreen behavior makes it a more potent threat on that platform.

Key Takeaway: Be extra vigilant when logging into sensitive accounts using Safari. Always pay close attention to the website address in the URL bar before typing in your credentials. Be wary if a website suddenly goes fullscreen unexpectedly, especially if you’re about to log in. Since Safari lacks a clear fullscreen warning, it’s up to you to notice any sudden layout changes that might indicate a fullscreen takeover.

Staying informed about the latest phishing techniques and browser security practices is your best defense against attacks like these.