Discover All Perspectives.
Get Started
SubscribeLogin
Champions League
Social Media
Baseball
Drones
Instagram
Hamas
Rugby
Israel-Hamas Conflict
World Cup
US Politics
Vladimir Putin
Donald Trump
Published loading...Updated

Apple Safari Exposes Users to Fullscreen Browser-in-the-Middle Attacks

  • SquareX published research on May 29, 2025, exposing a Safari-specific fullscreen Browser-in-the-Middle attack vulnerability in Palo Alto, California.
  • This flaw arises from Safari’s Fullscreen API lacking clear visual indicators, allowing attackers to hide malicious URLs and create convincing BitM attacks.
  • The attack uses a remote attacker-controlled browser pop-up in fullscreen mode to trick users into entering credentials on fake login pages, bypassing current detection methods.
  • SquareX noted that Fullscreen BitM attacks are especially effective on Safari because the browser does not provide a clear indication when entering fullscreen mode, and Apple has stated they do not intend to resolve this vulnerability.
  • This vulnerability suggests enterprises must adopt browser-native security measures, as existing solutions and EDRs fail to detect such advanced, imperceptible attacks.
Insights by Ground AI
Does this summary seem wrong?

13 Articles

All
Left
Center
1
Right
1
Startups News | Tech NewsStartups News | Tech News
Lean Right

Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari - Tech Startups

PALO ALTO, California, 29th May 2025, CyberNewsWire The post Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari first appeared on Tech Startups.

Read Full Article
BleepingComputerBleepingComputer
Center

Apple Safari exposes users to fullscreen browser-in-the-middle attacks

A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. [...]

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Fullscreen BitM intrusions possible with Safari flaw

Apple's Safari web browser was discovered to have a Fullscreen API security issue, which could be abused to enable fullscreen browser-in-the-middle intrusions concealing the address bar of the parent window, reports Blee…

Read Full Article
01net01net

A 'Critical Flaw' in Safari Puts Apple Users and Their Passwords at Risk

Researchers are accusing Safari of being vulnerable to certain cyberattacks. They say a vulnerability in Apple's browser facilitates so-called "Browser-in-the-Middle" attacks. These sophisticated scams rely on displaying a fake, full-screen web page designed to steal sensitive data, such as passwords.

Read Full Article
unsafe.shunsafe.sh

Apple Safari Full-Screen Mode Exposed Man-in-the-Middle Attack Vulnerability

This article describes the causes and solutions for error code 521.

Read Full Article
SecurityBrief AsiaSecurityBrief Asia
+3 Reposted by 3other sources

Safari users at heightened risk from new fullscreen BitM attack

New research reveals Safari users face heightened risk from advanced Fullscreen Browser-in-the-Middle attacks due to unfixable API flaws undetected by current security tools.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 50% of the sources are Center, 50% of the sources lean Right
50% Right
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

BleepingComputer broke the news in on Thursday, May 29, 2025.
Sources are mostly out of (0)

Similar News Topics

Apple

Apple

Technology

Technology

News
For You
SearchBlindspotLocal