Exploit May Cause Safari To Toss Its Cookies
Mac Security Alert - Exploit May Cause Safari To Toss Its Cookies
by , 1:00 PM EST, November 26th, 2003
The information technology security company, Secunia, has released an advisory about a vulnerability in Safari, Apple's Web browser. The exploit can be used remotely to trick the browser into sending a user's private cookie information for a website. Cookies are bits of information stored on a person's computer that are pertinent to that specific person. Their main purpose is to identify visitors so a certain Web site can be customized for them. From the Secunia advisory page:
A vulnerability has been reported in Apple Safari, which can be exploited by malicious people to steal a user's cookies. The vulnerability is caused due to an error when handling URLs. This can be exploited to disclose a user's cookie information for an arbitrary website by including a NULL character ("%00") in the URL. The vulnerability has been reported in versions 1.0 (v85) through 1.1 (v100.1).
The vulnerability carries a threat level of 4 on a scale of 1-5. That level is characterized by the existence of easy to exploit flaws, no solutions being available, no public awareness or workarounds requiring high technical skills, and the exploit being out "in the wild."
Secunia suggests using another browser to avoid being exposed to the security hazard.
Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/extension.inc) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 108
Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/extension.inc' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 108
Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/common.) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 110
Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/common.' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 110
Warning: include(/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/includes/bbcode.) [function.include]: failed to open stream: No such file or directory in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 112
Warning: include() [function.include]: Failed opening '/usr/local/etc/httpd/sites/macobserver.com/htdocs/forums/includes/bbcode.' for inclusion (include_path='.:/usr/share/php5:/usr/share/php') in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 112
Fatal error: Call to a member function sql_query() on a non-object in /var/www/bbm/macobserver.com/ee2/www/htdocs/comments/comments.php on line 532
Recent Headlines - Updated May 20th
- Mon, 11:42 AM
- Manage Your App.net Account with Passport
- 10:59 AM
- Rumor - Rumor Claims Apple Testing iWatch Display
- 10:14 AM
- News - Dallas Apple Store Loses iPhones in Theft
- 9:33 AM
- TMO Appearances - Jeff Gamet on Singing Astronauts & Whovians Fighting Jedi on The BIG Show
- 8:45 AM
- News - Yahoo! Buys Tumblr in $1.1B Deal
- Sat, 10:30 AM
- How-To - How to Assign Custom Icons to Desktop Files & Folders in OS X
- Fri, 8:10 PM
- Free on iTunes - 3 Free iOS Apps We Hope You Never Need
- 7:52 PM
- The Back Page - Apple’s ‘iRadio’ Streaming Excites Labels, Sony Hung on Skipping
- 3:50 PM
- Particle Debris - How the War Between Apple & Google Will be Won
- 3:29 PM
- News - Pentagon Approves iPhone & iPad for Military Use
- 1:10 PM
- TMO Quick Tip - Apple TV: Hiding Unused Icons from the Main Screen
- 10:40 AM
- Sci-Fi Airshow
The Mac Observer Reader Specials
-
-
-
-
-
-
-
-
-
Support TMO, Buy from Amazon, MacMall and The Apple Store
