While users often rely on browser features like fullscreen mode for an immersive experience, a significant vulnerability within Safari’s implementation of the Fullscreen API raises concerns about security.
This flaw permits attackers to execute browser-in-the-middle (BitM) attacks, effectively hijacking user sessions without detection. Web developers utilize the Fullscreen API to improve the viewing experience, but its misuse can lead to severe results, particularly on Safari because of the platform’s limited visual cues when shifting into fullscreen.
The Fullscreen API in Safari can enable undetected browser-in-the-middle attacks, jeopardizing user session security.
The core of this vulnerability lies in an out-of-bounds write in WebKit, the engine that powers Safari. Attackers can craft malicious web content that exploits this flaw, escaping the Web Content sandbox and escalating their attack capabilities. Apple has prioritized customer protection in security practices, although such sophisticated exploits have been observed targeting particular individuals on versions prior to iOS 17.2. Even though Apple has implemented security updates to address the vulnerability, including the release of Safari version 18.3.1 in March 2025, the risk remains palpable.
In a typical BitM attack, the attacker deploys a remote browser that operates in fullscreen mode. This method obscures standard user interface elements, making it exceedingly challenging for users to identify that their session has been compromised. Full Screen API vulnerability has become a pressing concern due to the potential for extensive credential theft and unauthorized access to sensitive data.
As a result, unsuspecting victims may unwittingly enter sensitive information, such as login credentials or financial details, into a spoofed interface designed to mimic legitimate sites.
Apple has acknowledged the risks associated with WebKit’s security, but has opted not to pursue additional changes particularly targeting the fullscreen issue, relying instead on existing guardrails.
The company highlights the importance of animation cues as an alert when entering fullscreen, advising users to remain vigilant. Security patches have been integrated into several recent versions of iOS, iPadOS, visionOS, and macOS, yet the prevalence of this attack method, particularly on Safari, emphasizes an urgent need for heightened user awareness and continued technological vigilance.
