Security Watch

Keeping Track of patches and hacks in the IT security world.

Another Batch of Safari Vulnerabilities Exposed

Apple's Safari browser is beginning to look like a bullet-ridden car in Iraq.

According to a warning posted to security mailing lists, there are multiple security flaws in Safari 3.1.1 that put users at risk of ID-theft spoofing attacks or, worse, expose them to drive-by malware downloads.

I have confirmed the spoofing bug based on a proof-of-concept provided in the warning. Here's an example:

Another Batch of Safari Vulnerabilities Exposed

Safari is also vulnerable to at least two different denial-of-service attacks that could be more dangerous if hackers find a way to exploit the browser crashes.

In the absence of a patch, Safari users should consider using a different browser--Firefox or Opera.