Unpatched Flaw in UC Browser Apps Could Let Hackers Launch Phishing Attacks

UC Browser Apps

Threat summary

This affect latest UC Browser version 12.11.2.1184 and UC Browser Mini version 12.10.1.1192. The vulnerability resides in the way User Interface on both browsers handles a special built-in feature that was otherwise designed to improve users Google search experience.The vulnerability, which has no CVE identifier as its discovered so recently, Browser could allow an attacker to control URL string displayed in the address bar, eventually letting a malicious website to pose as some legitimate site.Though the flaw is like MI browser that comes pre-installed on Xiaomi smartphones and the Mint browser, phishing pages served using the newly discovered vulnerability in UC Browser still leaves some indicators that cautious users can spot.

Browser Analysis

When users search something on “google.com” for example using UC Browsers, the browsers automatically remove the domain from the address bar and rewrite it only to display the search query string to the user.The URL Address Bar spoofing vulnerability can be used to easily trick UC Browser users into thinking they’re visiting a trusted website when being served with a phishing page, as shown in the video demonstration.the pattern matching logic used by UC Browsers is insufficient and can be abused by attackers by simply creating subdomains on their own domain, as “www.google.com.phishing-site.com?q=www.facebook.com,” tricking browsers into thinking that the given site is “www.google.com” and the search query is “www.facebook.com.”researchers found a “hidden” feature in its Android app that could have been exploited by attackers to remotely download and execute malicious code on Android phones and hijack them.

Conclusion

It is also mentioned that some old and other versions of UC Browser and UC Browser Mini are not affected by this URL Address Bar spoofing vulnerability, which suggests that a “new feature might have been added to this browser sometime back which is causing this issue.The company has not yet addressed the issue and simply put an Ignore status on his report.

About the author

Leave a Reply