Safari Vulnerability Leaves Its Users Unsafe - Safari Safe Browsing

Rahul M
Sep 16, 2015

After Chrome & Firefox, most people use Safari. On Jan 20 I reported a vulnerability to the Apple Security team, and it's related to Safari Safe Browsing.

Usually, when a user visits a malware website, Safari will block it and alert the user. I was trying to bypass the alert. The first attempt I made was an old-school technique: I used the server IP, and I was shocked seeing the result, it worked :O.

So an attacker can share a malware website's IP to compromise the end user, and Safari will not detect it.

I tried to visit http://murielsa.com/ and it was blocked by Safari, but when I tried its IP http://108.175.159.82/ it worked!

[Image: Blocked]

[Image: Bypassed]
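The gap described above, sketched as an added example (not Safari's code and not from the original post): a hostname-only blocklist lookup next to a check that also matches IP literals against addresses a blocked host is known to resolve to. The names `BLOCKED_HOSTS`, `RESOLVED` and all functions are hypothetical, and the host and address are constructed documentation values.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (documentation-reserved name and address).
BLOCKED_HOSTS = {"malware.example"}
# Constructed map: blocked hostname -> addresses it was seen resolving to.
RESOLVED = {"malware.example": {"203.0.113.7"}}


def host_of(url):
    """Return the lower-cased host of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def as_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def naive_is_blocked(url):
    """Hostname-only lookup: an IP literal never matches the list."""
    return host_of(url) in BLOCKED_HOSTS


def build_ip_index(blocked_hosts, resolved):
    """Index every address a blocked hostname is known to resolve to."""
    index = {}
    for name in blocked_hosts:
        for addr in resolved.get(name, ()):
            index.setdefault(ipaddress.ip_address(addr), set()).add(name)
    return index


def hardened_is_blocked(url, ip_index):
    """Block on hostname match, or on an IP literal tied to a blocked host."""
    host = host_of(url)
    if host in BLOCKED_HOSTS:
        return True
    ip = as_ip(host)
    return ip is not None and ip in ip_index


IP_INDEX = build_ip_index(BLOCKED_HOSTS, RESOLVED)
```

An address on shared hosting can serve many unrelated sites, so an IP match of this kind can over-block and is usually treated as a weaker signal than a hostname match.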

Now the bug is fixed and the update is available in iOS 9 and OS X Mavericks v10.9.5, OS X Yosemite v10.10.5 and OS X El Capitan v10.11. Apple acknowledged my name in https://support.apple.com/en-in/HT205212 (iOS) & https://support.apple.com/en-in/HT205265 (OS X).
