Another serious vulnerability was found by specialists of the Chinese company Tencent Xuanwu Security Lab. The experts found an error in Safari. According to them, the branded browser has a weakness – using a special sequence of actions, hackers can disguise the address of a malicious web site so that it appears as genuine. The error was global and affected all iOS versions up to 11.4.1, and macOS to 10.13.6.
According to experts, the problem is the place to be on both mobile and desktop version of Safari. The fact is that the brand Apple, some encoded characters are displayed as normal letters. For example, attackers can replace the letter d in the symbol of the dum of the Unicode domain name, and then send a link to a malicious site disguised as a valid. Due to the fact that apparently the link is no different from the genuine, the user may not notice the difference and thus convey your confidential information to remote hackers.
To illustrate, security professionals have replaced domain iCloud.com on fake. Remarkably, the problem was only exposed to the browser Safari, then in the address bar Shoma Google, Microsoft and Firefox Edge was clearly visible to a malicious domain.
According to the hackers, all necessary information was sent to Apple in April. However, the problem was corrected only with the release of macOS Mojave and iOS 12. Since the vulnerability has been deemed critical, all iPhone and iPad users with iOS 11.4.1 and below, as well as the owners of Mac computers with installed macOS High Sierra 10.13.6 or older versions, recommended as soon as possible to upgrade to the latest version.