{"id":215045,"date":"2025-05-30T06:07:03","date_gmt":"2025-05-30T11:07:03","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/05\/apple-safari-exposes-users-to-fullscreen-browser-in-the-middle-attacks"},"modified":"2025-05-30T06:07:03","modified_gmt":"2025-05-30T11:07:03","slug":"apple-safari-exposes-users-to-fullscreen-browser-in-the-middle-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/05\/apple-safari-exposes-users-to-fullscreen-browser-in-the-middle-attacks","title":{"rendered":"Apple Safari exposes users to fullscreen browser-in-the-middle attacks"},"content":{"rendered":"<p><\/p>\n<p><iframe style=\"display: block; margin: 0 auto; width: 100%; aspect-ratio: 4\/3; object-fit: contain;\" src=\"https:\/\/www.youtube.com\/embed\/9C4JRaBg2cY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; encrypted-media; gyroscope;\n   picture-in-picture\" allowfullscreen><\/iframe><\/p>\n<p>A weakness in Apple\u2019s Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users.<\/p>\n<p>By abusing the Fullscreen API, which instructs any content on a webpage to enter the browser\u2019s fullscreen viewing mode, hackers can exploit the shortcoming to make guardrails less visible on Chromium-based browsers and trick victims into typing sensitive data in an attacker-controlled window.<\/p>\n<p>SquareX researchers observed an increased use of this type of malicious activity and say that such attacks are particularly dangerous for Safari users, as Apple\u2019s browser fails to properly alert users when a browser window enters fullscreen mode.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A weakness in Apple\u2019s Safari web browser allows threat actors to leverage the fullscreen browser-in-the-middle (BitM) technique to steal account credentials from unsuspecting users. 
By abusing the Fullscreen API, which instructs any content on a webpage to enter the browser\u2019s fullscreen viewing mode, hackers can exploit the shortcoming to make guardrails less visible on Chromium-based [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20],"tags":[],"class_list":["post-215045","post","type-post","status-publish","format-standard","hentry","category-futurism"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=215045"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/215045\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=215045"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=215045"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=215045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}