Although most Apple users install the updates, there is always an exception. If you are one of those who do not update their devices, you should know that the letter “d” is not always the letter “d” when it appears in the Safari address bar.
It may not sound serious to you, but it is a very important one problem because it can lead you into misadventures according to various security researchers.
IDN spoofing attacks can be performed if you write a domain name with characters Unicode which look like standard Latin letters, but are not.
These domains are used for phishing, and they deceive users to think they have access to a regular site instead of a cleverly created clone.
Xisigr, a security researcher at Tencent Security Xuanwu Lab, found out recently how Apple products handle Unicode characters.
This, which he found the researcher is that Apple has done a good job with most Unicode characters, except one that is letter letter (ꝱ) (U + A771).
The character looks like a regular letter 'd', except it also features a lower apostrophe. So xisigr discovered that Safari was not showing the apostrophe, but was showing the letter dum as the Latin letter d.
The researcher reported his findings to Apple, which released security updates in July for Safari, and the software for iOS, macOS, tvOS and watchOS.
______________________
- Turkey's Vestel Venus Z20 the desperate boycott
- Decline in iPhone sales, Xiaomi's impressive growth
- Microsoft: Padlock in the Hotfix service