Rapid7 analysts and Rafay Baloch, an independent information security expert, discovered that seven popular mobile browsers allow malicious sites to change the URL and display a fake one in the address bar.
Address bar spoofing has been around for as long as the Internet itself. Modern desktop browsers have many security mechanisms that make it easy to detect a fake URL, but mobile browsers do not. On mobile devices screen size matters a lot, so many of these security measures had to be left out.
As mentioned above, the researchers found that seven mobile browsers are vulnerable to such spoofing. These are Apple Safari, Opera Touch and Opera Mini, Bolt, RITS, UC Browser, and Yandex.Browser.
The vulnerabilities were identified this summer, and the researchers notified the developers of the problems in August. As you can see in the table below, large vendors fixed the vulnerabilities very quickly, while small ones did not even bother to respond to the researchers, let alone release patches.
Experts strongly recommend that users update their browsers, and if patches are still missing, use other, more secure applications.