Security researchers have discovered a new phishing technique that exploits a Safari browser feature to steal user credentials. The attack uses the Fullscreen API to hide visual cues and trick users into entering sensitive information into a remote browser controlled by hackers.
How the Attack Works
According to cybersecurity firm SquareX, attackers are abusing Safari’s Fullscreen API to launch a “browser-in-the-middle” (BitM) attack. This method involves:
- Forcing the browser into fullscreen mode
- Hiding the address bar and system UI
- Displaying a fake login page from a remote browser
Victims believe they are logging into a legitimate site on their own device. In reality, they are entering credentials into a browser session controlled by the attacker.
Why Safari Is Especially Vulnerable
SquareX researchers say Safari lacks clear alerts when entering fullscreen mode. Unlike Chrome or Firefox, which display a notification, Safari only shows a subtle swipe animation—something users can easily miss.
This makes the attack more convincing on Apple’s browser. The fullscreen window can completely cover the original browser interface, leaving users unaware they are interacting with a fake environment.
“Fullscreen BitM attacks are particularly convincing on Safari due to the lack of clear visual cues,” SquareX noted.
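Since the weak point is the missing visual cue, one defensive mitigation is to re-surface the hidden address-bar information from inside the page. The following is an added example, not code from the article or from SquareX: a browser-extension content script that, whenever the document enters fullscreen, overlays a banner naming the real origin and flags heuristics consistent with a browser-in-the-middle (a streamed video/canvas surface or a local password field). The element id and the tag-name heuristic are assumptions, and the decision logic is kept free of DOM calls so it can be tested outside a browser.

```javascript
// Decide whether to warn and what to say. `state` is a plain object:
// { fullscreen, origin, hasPasswordField, streamedSurface }.
function assessFullscreen(state) {
  if (!state.fullscreen) return { warn: false, level: 'none', message: '' };
  const parts = [`Fullscreen: you are on ${state.origin}. The address bar is hidden.`];
  let level = 'info';
  if (state.hasPasswordField) {
    level = 'high';
    parts.push('This page has a password field; press Esc and check the URL first.');
  } else if (state.streamedSurface) {
    // In a browser-in-the-middle the login form is rendered remotely, so the local
    // DOM may only hold a video/canvas/iframe surface. Heuristic, not proof.
    level = 'elevated';
    parts.push('The fullscreen content is a streamed surface; keystrokes may leave this device.');
  }
  return { warn: true, level, message: parts.join(' ') };
}

// Read the current state from the document; Safari exposes the webkit-prefixed names.
function collectState(doc, win) {
  const el = doc.fullscreenElement || doc.webkitFullscreenElement || null;
  return {
    fullscreen: el !== null,
    origin: win.location.origin,
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
    streamedSurface: el !== null && ['VIDEO', 'CANVAS', 'IFRAME'].includes(el.tagName),
  };
}

const BANNER_ID = 'fullscreen-origin-banner'; // assumed id; choose one unlikely to collide

function renderBanner(doc, verdict) {
  let banner = doc.getElementById(BANNER_ID);
  if (!verdict.warn) { if (banner) banner.remove(); return; }
  if (!banner) {
    banner = doc.createElement('div');
    banner.id = BANNER_ID;
    banner.style.cssText = 'position:fixed;top:0;left:0;right:0;z-index:2147483647;' +
      'padding:8px;font:14px sans-serif;color:#fff;background:#b00020';
  }
  banner.textContent = verdict.message;
  // Only the fullscreen element and its subtree are painted, so mount the banner inside it.
  (doc.fullscreenElement || doc.webkitFullscreenElement || doc.body).appendChild(banner);
}

function installFullscreenWatch(doc, win) {
  const onChange = () => renderBanner(doc, assessFullscreen(collectState(doc, win)));
  doc.addEventListener('fullscreenchange', onChange);
  doc.addEventListener('webkitfullscreenchange', onChange);
}

if (typeof document !== 'undefined') installFullscreenWatch(document, window);
```

A hostile page can delete nodes a content script inserts, so a production extension would render the warning in extension-owned UI (or a closed shadow root) rather than in the page's DOM; the origin check itself is the part that matters.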
Apple’s Response
SquareX reported the issue to Apple. However, the company has decided not to take further action. Apple believes the existing swipe animation is a sufficient warning for users.
Other browsers, such as those based on Chromium or Firefox, provide more noticeable alerts when fullscreen mode is activated, reducing the risk of deception.
What’s at Risk
Once users enter their login details, attackers can collect:
- Usernames and passwords
- Authentication cookies
- Other sensitive session data
This stolen information can then be used to access personal accounts, financial services, or corporate systems.
Final Thoughts
While the attack can affect all browsers, Safari users are at greater risk because Safari's fullscreen warning is so minimal. Experts recommend staying alert whenever a browser suddenly enters fullscreen mode and not entering credentials unless you are certain of the site's authenticity.
For more details, visit the original report via BleepingComputer.