A security researcher at Tencent Security, known under the pseudonym xisigr, has disclosed details of a vulnerability (CVE-2018-4277) in Apple products that allows domain names to be spoofed by means of homograph attacks.
Homograph attacks have been known since 2001 and rely on the ability, provided by IDN (Internationalized Domain Names), to use Unicode characters in domain names. An attacker registers a domain name that is almost identical to an existing one but differs by a single letter that looks alike; as a rule, that letter comes from another alphabet (e.g. Cyrillic).
SecurityLab previously reported that Chrome, Firefox and Opera were vulnerable to homograph attacks, and now Safari has been added to that list. According to xisigr, attackers can confuse the browser by using in a domain name the character dum (U+A771), which closely resembles the lowercase Latin letter d (U+0064).
The character differs from the letter only by a small stroke at the bottom, but Safari does not render it, so the two look exactly the same in the browser. This can be exploited to register domain names resembling those of popular services (for example iCloud, Adobe, LinkedIn, etc.) in which the Latin letter “d” is replaced by dum. Users will type the fake domain fully confident that they are visiting the well-known site, giving attackers ample opportunity for fraud.
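The following added example (not from the article or from Apple or Tencent) shows how a defender-side filter can surface such a lookalike label: it converts the label to its Punycode A-label, checks for mixed scripts, and folds known confusables to an ASCII skeleton before comparing against protected brand names. The confusable table and the protected-brand list are constructed for illustration; note that U+A771 is itself a Latin-script character, so a mixed-script rule alone does not catch it.

```python
import unicodedata

# Constructed confusable table (a tiny subset, not Unicode's full confusables.txt):
# non-ASCII code point -> the ASCII letter it resembles. U+A771 LATIN SMALL LETTER DUM
# vs U+0064 'd' is the pair behind CVE-2018-4277; the Cyrillic rows are classic IDN lookalikes.
CONFUSABLES = {
    "\ua771": "d",  # dum: Latin script, so a mixed-script rule alone never flags it
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
}

# Constructed list of brand labels (the ones the article names) a defender wants to protect.
PROTECTED_LABELS = {"icloud", "adobe", "linkedin"}

def a_label(label: str) -> str:
    """Wire form of one DNS label: unchanged if ASCII, otherwise 'xn--' + Punycode (the A-label)."""
    if label.isascii():
        return label
    return "xn--" + label.encode("punycode").decode("ascii")

def script_of(ch: str) -> str:
    """Rough script guess from the first word of the Unicode name, e.g. 'LATIN' or 'CYRILLIC'."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def skeleton(label: str) -> str:
    """Fold known confusables to their ASCII lookalike so visually identical labels compare equal."""
    folded = unicodedata.normalize("NFKC", label.lower())
    return "".join(CONFUSABLES.get(c, c) for c in folded)

def analyse_label(label: str) -> dict:
    """Signals a proxy, mail gateway or SOC rule can log or block on for a single hostname label."""
    foreign = {script_of(c) for c in label if not c.isascii()} - {"LATIN"}
    has_ascii_letters = any(c.isascii() and c.isalpha() for c in label)
    skel = skeleton(label)
    return {
        "a_label": a_label(label),          # what actually travels over DNS
        "non_ascii": not label.isascii(),   # cheapest signal: any IDN at all
        "mixed_script": bool(foreign) and has_ascii_letters,
        "skeleton": skel,
        # Flag only when the folded form hits a protected brand but the raw label is not that brand.
        "impersonates": skel if skel in PROTECTED_LABELS and skel != label.lower() else None,
    }

if __name__ == "__main__":
    for host in ("icloud", "iclou\ua771", "\u0430dobe"):
        print(repr(host), analyse_label(host))
```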
The researcher informed Apple about the vulnerability, and the company fixed it in July of this year.