Apple Safari exposes users to fullscreen browser-in-the-middle attacks

A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. By abusing the Fullscreen API, which instructs any content on a webpage to enter the browser's fullscreen viewing mode, hackers can exploit the shortcoming to make guardrails less visible on Chromium-based browsers and trick victims into typing sensitive data in an attacker-controlled window. SquareX researchers observed an increase use of this type of malicious activity and say that such attacks are particularly dangerous for Safari users, as Apple’s browser fails to properly alert users when a browser window enters fullscreen mode. “SquareX’s research team has observed multiple instances of the browser’s FullScreen API being exploited to address this flaw by displaying a fullscreen BitM window that covers the parent window’s address bar, as well as a limitation specific to Safari browsers that makes fu ... Read full article.