The Mac Observer

Skip navigational links

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Exploit May Cause Safari To Toss Its Cookies

Mac Security Alert - Exploit May Cause Safari To Toss Its Cookies

by , 1:00 PM EST, November 26th, 2003

The information technology security company, Secunia, has released an advisory about a vulnerability in Safari, Apple's Web browser. The exploit can be used remotely to trick the browser into sending a user's private cookie information for a website. Cookies are bits of information stored on a person's computer that are pertinent to that specific person. Their main purpose is to identify visitors so a certain Web site can be customized for them. From the Secunia advisory page:

A vulnerability has been reported in Apple Safari, which can be exploited by malicious people to steal a user's cookies. The vulnerability is caused due to an error when handling URLs. This can be exploited to disclose a user's cookie information for an arbitrary website by including a NULL character ("%00") in the URL. The vulnerability has been reported in versions 1.0 (v85) through 1.1 (v100.1).

The vulnerability carries a threat level of 4 on a scale of 1-5. That level is characterized by the existence of easy to exploit flaws, no solutions being available, no public awareness or workarounds requiring high technical skills, and the exploit being out "in the wild."

Secunia suggests using another browser to avoid being exposed to the security hazard.

Recent Headlines - Updated November 23rd

Sat,10:30 AM
iPhoneography 101: Essential iPhone Camera Apps
Fri,6:57 PM
Apple Makes ‘Things for iPad’ Free for a Week
6:47 PM
Judge Approves Apple iBooks $450 Million Antitrust Settlement
5:54 PM
100 AA and 52 AAA Duracell Batteries for $59.99 [Extended]
5:18 PM
Use a PDF to See How Big Apple Watches Really Are
4:45 PM
Why Every Estimate for Apple Watch Sales in 2015 is Completely Wrong
4:30 PM
‘Kingdom Rush Origins’ Tower Defender Released for iPhone and iPad
1:42 PM
TMO Daily Observations: 2014-11-21
11:53 AM
Google Agrees to Settlement in Rockstar Patent Infringement Fight
9:44 AM
Apple Blocks Outdated Flash Players Over Security Issues [Update]
9:00 AM
iOS 8: Using “Send Last Location”
Thu,8:05 PM
SwiftKey Adds Languages in iOS Without App Store Updates
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!