Safari’s Fullscreen Fumble: Apple’s Browser Leaves Users Vulnerable to Sneaky BitM Attacks

Safari users, beware! A weakness in Apple’s browser makes the fullscreen browser-in-the-middle (BitM) technique unusually convincing, and the prize is your passwords. When a page calls the Fullscreen API, Chrome and Firefox display a text notice naming the site that went fullscreen and telling you to press Esc to leave; Safari shows only a brief animation and never sounds that “fullscreen alert” alarm, so an attacker’s fullscreened page can pass itself off as your real browser. Remember, not all fullscreen moments are created equal. Keep an eye out!


Hot Take:

Oh Apple, you had one job! Safari users might just need a safari hat to shield them from these cyber lions. While Apple is busy making their devices shinier, hackers are busy exploiting their lack of fullscreen alerts. It’s like giving a free pass to the world’s worst magic show, where your passwords disappear faster than you can say “fullscreen API!”

Key Points:

  • Safari shows no text warning when a page enters fullscreen, so fullscreen BitM attacks look far more convincing there than in Chrome or Firefox.
  • The Fullscreen API is used to hide the browser’s own guardrails (address bar, tab strip, and the rest of the browser chrome) behind content the attacker renders.
  • SquareX researchers identified the weakness and reported it to Apple.
  • Apple closed the report as a “wontfix”, stating that its fullscreen animation is sufficient warning.
  • Victims are tricked into typing credentials into an attacker-controlled window (in a BitM attack, a browser the attacker runs and relays to the victim) that mimics a legitimate login page.
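As an added illustration of what the missing alert looks like and how a practitioner could put one back, here is a Safari Web Extension content script that listens for fullscreen transitions and injects a Chrome-style “site is now full screen” banner naming the origin that requested fullscreen. This is example code written for this page; it is not SquareX’s research code, Apple’s, or anything from the original post. The banner id, the attacker origin and the fake-DOM helper used for the offline demonstration are all constructed for the example.

```javascript
// Added example (not SquareX's or Apple's code): a browser-extension content
// script that restores the "site is now full screen" notice Safari omits.
// Assumed to run as a Safari Web Extension content script on every page.

const BANNER_ID = "fs-guard-banner"; // assumed id, chosen for this example

// The notice text, modelled on the one Chrome and Firefox display. Kept pure
// so it can be checked offline.
function fullscreenWarningText(origin) {
  return `${origin} is now full screen. Press Esc to exit.`;
}

// Safari 16.4+ exposes the unprefixed Fullscreen API; older builds use the
// webkit-prefixed names, so accept either.
function currentFullscreenElement(doc) {
  return doc.fullscreenElement || doc.webkitFullscreenElement || null;
}

// On entering fullscreen, inject a banner into the fullscreen element itself:
// only that element's subtree is painted while fullscreen, so a banner placed
// anywhere else in the DOM would be invisible. On exit, remove it.
function installFullscreenGuard(doc, origin) {
  const onChange = () => {
    const target = currentFullscreenElement(doc);
    const existing = doc.getElementById(BANNER_ID);
    if (target) {
      if (existing) return; // already announced
      const banner = doc.createElement("div");
      banner.id = BANNER_ID;
      banner.textContent = fullscreenWarningText(origin);
      banner.style.cssText =
        "position:fixed;top:0;left:0;right:0;z-index:2147483647;" +
        "background:#b00020;color:#fff;padding:12px;font:16px sans-serif;" +
        "text-align:center;pointer-events:none;";
      target.appendChild(banner);
    } else if (existing) {
      existing.remove();
    }
  };
  doc.addEventListener("fullscreenchange", onChange);
  doc.addEventListener("webkitfullscreenchange", onChange);
}

// In a real browser the script installs itself on the page's document.
if (typeof document !== "undefined") {
  installFullscreenGuard(document, location.origin);
}

// --- Offline demonstration ------------------------------------------------
// A constructed, minimal stand-in for the DOM so the logic runs under Node.
function makeFakeDocument() {
  const listeners = {};
  const byId = new Map();
  return {
    fullscreenElement: null,
    addEventListener(type, fn) {
      if (!listeners[type]) listeners[type] = [];
      listeners[type].push(fn);
    },
    dispatch(type) {
      (listeners[type] || []).forEach((fn) => fn());
    },
    getElementById(id) {
      return byId.get(id) || null;
    },
    createElement(tag) {
      const el = { tag, id: "", textContent: "", style: {}, children: [], parent: null };
      el.appendChild = (child) => {
        el.children.push(child);
        child.parent = el;
        if (child.id) byId.set(child.id, child);
      };
      el.remove = () => {
        if (el.parent) el.parent.children = el.parent.children.filter((c) => c !== el);
        byId.delete(el.id);
      };
      return el;
    },
  };
}

// Simulate the BitM page: a click handler fullscreens a <div> holding the
// attacker's remote-browser viewport, the guard announces it, then the user
// presses Esc. Origin is constructed for the example.
function simulateBitmFullscreen() {
  const doc = makeFakeDocument();
  installFullscreenGuard(doc, "https://attacker.example");
  const viewport = doc.createElement("div");

  doc.fullscreenElement = viewport; // what viewport.requestFullscreen() would set
  doc.dispatch("fullscreenchange");
  const banner = doc.getElementById(BANNER_ID);
  const textWhileFullscreen = banner ? banner.textContent : null;

  doc.fullscreenElement = null; // Esc pressed
  doc.dispatch("fullscreenchange");

  return {
    textWhileFullscreen,
    bannerAfterExit: doc.getElementById(BANNER_ID),
    viewportChildrenAfterExit: viewport.children.length,
  };
}

if (typeof document === "undefined") {
  console.log(simulateBitmFullscreen());
}
```

Two caveats worth keeping in mind. A content script shares the page’s DOM, so a hostile BitM page can watch for the banner and delete it; this restores the missing hint for honest and lazy pages, but the only robust fix is a notice drawn by the browser chrome, which is exactly what the report asked Apple for. And the banner names the origin of the page that went fullscreen, which in a BitM is the attacker’s domain, not the brand shown in the fake login screen: that mismatch is the signal a Chrome or Firefox user gets for free.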

The Nimble Nerd