Exploit May Cause Safari To Toss Its Cookies

The information technology security company, Secunia, has released an advisory about a vulnerability in Safari, Appleis Web browser. The exploit can be used remotely to trick the browser into sending a useris private cookie information for a website. Cookies are bits of information stored on a personis computer that are pertinent to that specific person. Their main purpose is to identify visitors so a certain Web site can be customized for them. From the Secunia advisory page:

A vulnerability has been reported in Apple Safari, which can be exploited by malicious people to steal a useris cookies. The vulnerability is caused due to an error when handling URLs. This can be exploited to disclose a useris cookie information for an arbitrary website by including a NULL character ("") in the URL. The vulnerability has been reported in versions 1.0 (v85) through 1.1 (v100.1).

The vulnerability carries a threat level of 4 on a scale of 1-5. That level is characterized by the existence of easy to exploit flaws, no solutions being available, no public awareness or workarounds requiring high technical skills, and the exploit being out "in the wild."

Secunia suggests using another browser to avoid being exposed to the security hazard.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

No Comments

Log-in to comment