Rapid7 found Apple’s Safari browser, as well as the Opera Mini and Yandex browsers, were vulnerable to JavaScript-based address bar spoofing. The infosec outfit, along with its “longtime mobile hacker friend Rafay Baloch,” discovered the software could be tricked into displaying the URL of one website while loading and displaying content from another.

Read full article on The Register