Apple Users Not Running The Latest Security Update Might Find Themselves In A Curious Problem

If you’re an Apple user, you probably have the latest updates installed. If you don’t, you may be on thin ice: a curious display problem could expose you to a phishing attack.

According to a recent finding by Tencent Security Xuanwu Lab, the letter ‘d’ shown in the Safari browser’s address bar, where the website URL goes, isn’t always what we think it is. Safari displays the Latin ‘dum’ (ꝱ) as if it were a regular ‘d’.

[Image: IDN spoof]

At first you might think this is not a big deal, but it’s actually quite the opposite. Attackers can fairly easily create spoof websites whose names contain the letter ‘d’ by replacing that letter with the Latin ‘dum’. Safari then does the rest and displays the result as the regular website’s name, and it just so happens that a lot of your favorite websites have this letter in their domain name.

This type of attack is called an IDN homograph attack: the attacker registers a domain name using a look-alike Unicode character in place of the regular English letter that we come across in day-to-day use.

[Image: Unicode difference. Credit: Tencent lab]

In Google’s Top 10K domain names, about 25% of the websites’ domain names have the letter ‘d’ in them. Some of these are linkedin.com, adobe.com, dropbox.com, reddit.com, and the list goes on.
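A defensive check for the substitution described above, for example over proxy logs or newly observed hostnames. This is an added example, not code from Tencent or Apple; the names `CONFUSABLES`, `PROTECTED`, `inspect_host` and `spoof_target` are assumptions of this sketch, and the sample hostnames are constructed.

```python
import unicodedata

# Look-alike -> ASCII letter it imitates. Only the character named in the
# article is listed; a real deployment would load a full confusables table.
CONFUSABLES = {"\ua771": "d"}  # U+A771 LATIN SMALL LETTER DUM

# Domains to protect: the four examples the article names.
PROTECTED = {"linkedin.com", "adobe.com", "dropbox.com", "reddit.com"}


def inspect_host(host):
    """Describe every label of `host` that contains non-ASCII characters."""
    findings = []
    for label in host.lower().rstrip(".").split("."):
        odd = [c for c in label if ord(c) > 0x7F]
        if odd:
            findings.append({
                "label": label,
                # ASCII-compatible ("xn--") form, which cannot hide the swap.
                "ace": "xn--" + label.encode("punycode").decode("ascii"),
                "chars": [(f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
                          for c in odd],
            })
    return findings


def _under(host, domain):
    """True if `host` is `domain` itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def spoof_target(host, protected=PROTECTED):
    """Return the protected domain that `host` imitates, or None."""
    host = host.lower().rstrip(".")
    skeleton = "".join(CONFUSABLES.get(c, c) for c in host)
    for domain in sorted(protected):
        # Flag only when the look-alike swap is what creates the match.
        if _under(skeleton, domain) and not _under(host, domain):
            return domain
    return None


if __name__ == "__main__":
    # Constructed sample hostnames, not taken from any real incident.
    for h in ["reddit.com", "www.re\ua771dit.com", "b\u00fccher.example"]:
        print(h.encode("unicode_escape").decode(), inspect_host(h), spoof_target(h))
```

A non-ASCII label is not suspicious by itself (the third sample is an ordinary internationalized name); the signal is a hostname that collapses onto a protected domain only after the look-alike is mapped back to ‘d’.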

Since discovering this issue, Tencent has reported its findings to Apple, which issued a security update in July that fixed the problem. If you are one of those people who do not update their devices, here is another reason to do so and stay safe from phishing attacks that impersonate your favorite web pages. And if you still don’t want to update, then just look out for those D’s.