Security Flaw in Safari Allows Fullscreen Browser-In-The-Middle Attacks

A newly discovered vulnerability in Apple’s Safari web browser exposes users to fullscreen browser-in-the-middle (BitM) attacks, enabling cybercriminals to steal sensitive account information. The issue stems from abuse of the Fullscreen API: a website can put itself into fullscreen mode, hiding the visual security cues users rely on and leaving them open to deception.

SquareX researchers have reported a surge in such malicious activities, highlighting that Safari’s lack of user alerts when a browser window transitions to fullscreen mode presents a unique risk. Often, victims are tricked into supplying their credentials within an attacker-controlled window masquerading as a legitimate login page, while their actual browser remains visible.

The BitM attack technique primarily relies on duping users into clicking on malicious links, directing them to fake sites that impersonate popular services. This can easily happen through various channels, such as sponsored ads and social media posts. Once users enter their login details in the fake window, their credentials are collected by the attacker, although the victim may believe they are successfully accessing their account.

Unlike Safari, other browsers such as Firefox and Chrome show an alert when a fullscreen session begins, although many users overlook these notifications. The SquareX researchers underscore the danger of this technique on Safari specifically, because the browser gives insufficient visual cues during fullscreen transitions. When SquareX reported the issue to Apple, the company responded that it would not be fixing it, asserting that the existing fullscreen animation should suffice to inform users of the change.
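The following is an added example, not code from the article or from SquareX. It illustrates, from the defender's side, the kind of persistent fullscreen indicator the article says Safari lacks: a best-effort content script (for a browser extension or user script) that listens for fullscreen transitions and draws a fixed warning banner naming the page's hostname. The decision logic is kept separate from the DOM wiring so it can be exercised against a fake document object; the element and event names (`fullscreenElement`, `webkitFullscreenElement`, `fullscreenchange`, `webkitfullscreenchange`) are the standard and WebKit-prefixed Fullscreen API names, and the banner id and styling are arbitrary choices of this example.

```javascript
// Added example (not from the article or SquareX): a best-effort, user-side
// fullscreen indicator of the kind Safari does not show. Intended to run as a
// browser-extension content script or user script on every page.

// The Fullscreen API exposes the current fullscreen element under the standard
// name and, in older Safari releases, under a webkit-prefixed name.
const FULLSCREEN_ELEMENT_PROPS = ['fullscreenElement', 'webkitFullscreenElement'];

// Replaced elements render no children, so a banner appended to them is
// invisible. When such an element is fullscreen, only browser chrome could
// draw over it, which is exactly the gap the article describes.
const NON_OVERLAYABLE_TAGS = new Set(['VIDEO', 'IFRAME', 'OBJECT', 'EMBED', 'CANVAS']);

// Return the element currently in fullscreen, or null.
function fullscreenElementOf(doc) {
  for (const prop of FULLSCREEN_ELEMENT_PROPS) {
    if (doc[prop]) return doc[prop];
  }
  return null;
}

// Build the warning text to show, or null when nothing is fullscreen.
// `doc` only needs the fullscreenElement properties and `location` only needs
// `hostname`, so the function has no hidden DOM dependency.
function fullscreenWarning(doc, location) {
  if (!fullscreenElementOf(doc)) return null;
  const host = location && location.hostname ? location.hostname : '(unknown origin)';
  return `This page (${host}) is in fullscreen mode. The address bar is hidden; ` +
         `press Esc before entering any password.`;
}

// True when a banner can actually be rendered over the fullscreen element.
function canOverlay(el) {
  return !(el && el.tagName && NON_OVERLAYABLE_TAGS.has(el.tagName.toUpperCase()));
}

// DOM wiring: keep one fixed banner in sync with the fullscreen state.
function installFullscreenBanner(doc, location) {
  const BANNER_ID = 'fullscreen-warning-banner-example'; // arbitrary id chosen for this example
  function sync() {
    const text = fullscreenWarning(doc, location);
    const el = fullscreenElementOf(doc);
    let banner = doc.getElementById(BANNER_ID);
    if (!text) {
      if (banner) banner.remove();
      return;
    }
    if (!canOverlay(el)) {
      // Nothing we inject can be drawn over a fullscreen <video> or <iframe>.
      console.warn('fullscreen element cannot be overlaid:', el.tagName);
      return;
    }
    if (!banner) {
      banner = doc.createElement('div');
      banner.id = BANNER_ID;
      Object.assign(banner.style, {
        position: 'fixed', top: '0', left: '0', right: '0', zIndex: '2147483647',
        padding: '8px', background: '#b00020', color: '#fff',
        font: '14px sans-serif', textAlign: 'center'
      });
    }
    banner.textContent = text;
    // In fullscreen mode only the fullscreen element's subtree is rendered, so
    // the banner must live inside that element rather than on document.body.
    if (banner.parentNode !== el) el.appendChild(banner);
  }
  for (const evt of ['fullscreenchange', 'webkitfullscreenchange']) {
    doc.addEventListener(evt, sync);
  }
  sync();
}

// Only wire up the DOM when running in a browser.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  installFullscreenBanner(document, window.location);
}
```

Two limitations follow from how the Fullscreen API works and are worth keeping in mind. A page controls its own DOM, so it can remove an injected banner; the script helps an inattentive user notice a transition but is not a substitute for an indicator drawn by the browser itself. And when the fullscreen element is a replaced element such as an `<iframe>` or `<video>`, nothing injected into the page can be rendered over it at all, which is why the example logs a warning rather than pretending to protect that case.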