bleepingcomputer[.]com/news/security/apple-safari-exposes-users-to-fullscreen-browser-in-the-middle-attacks/
A weakness in Apple's Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users.

By abusing the Fullscreen API, which lets a webpage put any of its content into the browser's fullscreen viewing mode, attackers can make the browser's guardrails less visible (on Chromium-based browsers as well) and trick victims into typing sensitive data into an attacker-controlled window.
SquareX researchers observed an increased use of this type of malicious activity and say that such attacks are particularly dangerous for Safari users, as Apple's browser fails to properly alert users when a browser window enters fullscreen mode.
“SquareX’s research team has observed multiple instances of the browser’s FullScreen API being exploited to address this flaw by displaying a fullscreen BitM window that covers the parent window’s address bar, as well as a limitation specific to Safari browsers that makes fullscreen BitM attacks especially convincing,” describes the report.
The researchers explain that Firefox and Chromium-based browsers (e.g., Chrome and Edge) show an alert whenever fullscreen is active. Although many users may miss the warning, it is still a guardrail that lowers the risk of a BitM attack.

However, on Safari there is no alert, and the only sign of a browser entering fullscreen mode is a "swipe" animation that can be easily missed.
"While the attack works on all browsers, fullscreen BiTM attacks are particularly convincing on Safari browsers due to the lack of clear visual cues when going fullscreen," SquareX researchers say.
SquareX contacted Apple with its findings and received a "wontfix" reply, with the explanation that the animation is present to indicate the change and that this should be enough.
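Since Apple does not plan to add a fullscreen alert, users and administrators can recreate the missing cue themselves with a browser extension content script or user script. The following is an added example written for this article, not code from SquareX, Apple or the report; it assumes it runs in every page, and the banner id, wording and colours are my own choices.

```javascript
// Added example: re-create the "you are in fullscreen" banner that Safari omits.
// The banner names the real hostname from location.hostname, which a BitM page cannot
// change, and is appended inside the fullscreen element, because in fullscreen mode only
// that element's subtree is painted.
const BANNER_ID = "fs-guard-banner"; // hypothetical id chosen for this example

// Pure decision helper (testable outside a browser).
// Returns null when not in fullscreen, the banner text when a banner can be shown,
// or an object explaining why it cannot (replaced elements such as <iframe> or <video>
// cannot host child nodes, so a banner appended to them would never be painted).
function bannerText(fullscreenElement, hostname) {
  if (!fullscreenElement) return null;
  const tag = (fullscreenElement.tagName || "element").toLowerCase();
  const unhostable = ["iframe", "video", "canvas", "img", "object", "embed"];
  if (unhostable.includes(tag)) {
    return { unhostable: true, reason: `<${tag}> from "${hostname}" is fullscreen; banner cannot be drawn inside it` };
  }
  return `Fullscreen mode: content from "${hostname}" now covers your address bar (<${tag}>). Press Esc to exit.`;
}

// Safari exposes the vendor-prefixed property on older versions; normalise both.
function currentFullscreenElement(doc) {
  return doc.fullscreenElement || doc.webkitFullscreenElement || null;
}

function installFullscreenGuard(doc, win) {
  const update = () => {
    const fsEl = currentFullscreenElement(doc);
    const result = bannerText(fsEl, win.location.hostname);
    const existing = doc.getElementById(BANNER_ID);
    if (existing) existing.remove();               // always rebuild for the current state
    if (result === null) return;                   // left fullscreen: nothing to show
    if (typeof result !== "string") {              // cannot be drawn; at least leave a trace
      console.warn("[fs-guard]", result.reason);
      return;
    }
    const banner = doc.createElement("div");
    banner.id = BANNER_ID;
    banner.textContent = result;
    Object.assign(banner.style, { position: "fixed", top: "0", left: "0", right: "0",
      zIndex: "2147483647", background: "#b00020", color: "#fff", padding: "8px",
      font: "14px sans-serif", textAlign: "center" });
    fsEl.appendChild(banner);
  };
  doc.addEventListener("fullscreenchange", update);
  doc.addEventListener("webkitfullscreenchange", update);
}

// Only wire up the DOM when actually running inside a page.
if (typeof document !== "undefined") installFullscreenGuard(document, window);
```

Because a fullscreened `<iframe>` cannot host the banner, the script only logs a warning in that case; blocking or exiting such fullscreen requests is a policy decision left to the deployer.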