macnn

04/24/2008, 9:00pm, EDT

Thursday, April 24th

URL spoofing flaw affects Safari 3.1.1

A little over a week after Apple offered a security update to Safari 3.1.1, security research site Secunia warned users about another, but "less critical," vulnerability that could allows malicious sites to "spoof" other websites. Reported by Juan Pablo Lopez Yacubian, the security advisory notes that Safari 3.11 has a flaw that can be exploited by malicious people to display a fake URL in the address bar. "The problem is that it is possible to hide the actual location of a page in the address bar via a specially crafted URL containing a number of certain special characters in the 'user' field before the '@' character," the report noted. It affects both Mac OS X and Windows Vista of the browser and may also affect older versions. Secunia, however, rates the flaw as "less critical," but warns that users should avoid untrusted websites and untrusted links.

Last week's Safari 3.1.1 update included improvements to stability, compatibility and security fixes for four separate flaws -- specifically addressing a flaw in the Mac version of Safari that allowed Charlie Miller to win $10,000 in the Pwn2Own contest at CanSecWest. It also contained fixes for three other issues, including two that only affected the Windows version of Safari.


Filed under: security
Other story tags: Vista, Safari, browser, vulnerability

, , 2comments, del.icio.us, slashdot, digg


2 comments
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
editing anyone
0
04/25, 1:16am, EDT
"could allows" Please does anyone proof read these?
Guest
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

MacNN iPodNN Electronista
top searches
1. apple
2. iphone
3. apple TV
4. ipod
5. mac
6. BBC
7. icons
8. icon
9. macbook
10. leopard
search for more ..
RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News
Autokredit im Vergleich - Here is some car credit information for our Germany visitors.
Turn your laptop into CASH: Sell us your used laptop. Working or not. Get money FAST. Instant online quote. Shipping is FREE.

PowerBookMedic will fix any Powerbook, iBook, iPod: We offer Parts, Hard Drives, Superdrives, Ram Upgrades & Repairs all backed up w/ our 1YR Warranty!

Looking For A NEW LAPTOP? Build Your Own!: CHECK IT OUT! Build your Intel®-Powered Laptop With ZipZoomFly. Chassis, Components, Everything.

CHECK OUT THE VIERA FROM PANASONIC: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

This Is The #1 Projector For Education And Business: Check Out The Sony VPL-E Series Of Data Projectors. Bright, Stylish, Easy To Use.

Xim, inc: Softward & System Integration. San Francisco, CA.

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.