toggle

AAPL Stock: 122.37 ( -0.62 )

Printed from http://www.macnn.com

URL spoofing flaw affects Safari 3.1.1

updated 09:00 pm EDT, Thu April 24, 2008

URL spoofing flaw

A little over a week after Apple offered a security update to Safari 3.1.1, security research site Secunia warned users about another, but "less critical," vulnerability that could allows malicious sites to "spoof" other websites. Reported by Juan Pablo Lopez Yacubian, the security advisory notes that Safari 3.11 has a flaw that can be exploited by malicious people to display a fake URL in the address bar. "The problem is that it is possible to hide the actual location of a page in the address bar via a specially crafted URL containing a number of certain special characters in the 'user' field before the '@' character," the report noted. It affects both Mac OS X and Windows Vista of the browser and may also affect older versions. Secunia, however, rates the flaw as "less critical," but warns that users should avoid untrusted websites and untrusted links.

Last week's Safari 3.1.1 update included improvements to stability, compatibility and security fixes for four separate flaws -- specifically addressing a flaw in the Mac version of Safari that allowed Charlie Miller to win $10,000 in the Pwn2Own contest at CanSecWest. It also contained fixes for three other issues, including two that only affected the Windows version of Safari.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

  1. Guest

    Joined: Dec 1969

    0

    editing anyone

    "could allows" Please does anyone proof read these?

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

HP 14-x030nr 14-inch Chromebook

If you're like us, chances are you've come to realize that you need the ability to access the Internet on the go. Also, you've prob ...

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

toggle

Most Commented