Another Batch of Safari Vulnerabilities Exposed

By Ryan Naraine  |  Posted 2008-04-23 Print this article Print

Apple's Safari browser is beginning to look like a bullet-ridden car in Iraq.

According to a warning posted to security mailing lists, there are multiple security flaws in Safari 3.1.1 that put users at risk of ID-theft spoofing attacks or, worse, expose them to drive-by malware downloads.

I have confirmed the spoofing bug based on a proof-of-concept provided in the warning. Here's an example:

Another Batch of Safari Vulnerabilities Exposed

Safari is also vulnerable to at least two different denial-of-service attacks that could be more dangerous if hackers find a way to exploit the browser crashes.

In the absence of a patch, Safari users should consider using a different browser--Firefox or Opera. |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel