The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Exploit May Cause Safari To Toss Its Cookies

Mac Security Alert - Exploit May Cause Safari To Toss Its Cookies

by , 1:00 PM EST, November 26th, 2003

The information technology security company, Secunia, has released an advisory about a vulnerability in Safari, Apple's Web browser. The exploit can be used remotely to trick the browser into sending a user's private cookie information for a website. Cookies are bits of information stored on a person's computer that are pertinent to that specific person. Their main purpose is to identify visitors so a certain Web site can be customized for them. From the Secunia advisory page:

A vulnerability has been reported in Apple Safari, which can be exploited by malicious people to steal a user's cookies. The vulnerability is caused due to an error when handling URLs. This can be exploited to disclose a user's cookie information for an arbitrary website by including a NULL character ("%00") in the URL. The vulnerability has been reported in versions 1.0 (v85) through 1.1 (v100.1).

The vulnerability carries a threat level of 4 on a scale of 1-5. That level is characterized by the existence of easy to exploit flaws, no solutions being available, no public awareness or workarounds requiring high technical skills, and the exploit being out "in the wild."

Secunia suggests using another browser to avoid being exposed to the security hazard.

Recent Headlines - Updated February 9th

Mon,12:40 PM
Three Ways to Protect your Apple Watch (and One Way Not To)
Tue,2:52 PM
Hackers in Ireland Trying to Buy Apple Employee Logins
2:41 PM
Scott Galloway on Apple, Amazon, Facebook and Google (Video)
1:26 PM
TMO Daily Observations 2016-02-09: Snagging Apple Employee Logins, Error 53 Lawsuit
11:23 AM
Sony Adds Fuel to Dual Camera iPhone Rumor
9:16 AM
Lawfirm Ready to File iPhone Error 53 Lawsuit
Mon,8:25 PM
Apple CEO Tim Cook Congrats Denver Broncos with Tweet
8:15 PM
Firewatch Release on February 9th for Mac, Windows, Linux, PlayStation 4
7:53 PM
Intego Warns of Fake Flash Update that Installs Scareware
5:30 PM
Infographic for Spotting Fake Apple Watches
5:00 PM
TMO Background Mode: Interview with The Wirecutter’s Editor at Large Glenn Fleishman
4:34 PM
AppDelete Uninstaller for Mac: $4
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!