Search Perform an advanced search query SOFTPEDIA
 
SOFTPEDIA
Updated one minute ago
HomeSubmit a program for being reviewedAdvertise on our websiteGet help on surfing our websitesSend us your feedbackGet information about our XML/RSS backend and how to use itBrowse the news archiveVisit our discussion forumVizitati forumul in limba romana



KLIP
  1. HOME
  2. SCIENCE
  3. TECHNOLOGY
  4. WEBMASTER
  5. SECURITY
  6. MICROSOFT
  7. LINUX
  8. APPLE
  9. GAMES
  10. TELECOMS
  11. REVIEWS
  12. LIFE & STYLE
  13. EDITORIALS
  14. INTERVIEWS
  15. RSS
Welcome!
Hello, Guest

Login if you have a Softpedia.com account.

Otherwise, register for one.

MAC

Safari 3.1.1 Still Not Safe. URL Spoofing Flaw Confirmed

- Research website claims both Mac OS X and Windows users of Safari are facing a "less critical" vulnerability this time

By: Filip Truta, Apple News Editor

Weeks have passed since Apple issued the latest security patch of its standard web browser, Safari for Mac OS X and Windows users. Version 3.1.1 patched 4 main issues, one of which was a flaw that allowed Charlie Miller to Pwn and Own Apple's MacBook Air, nabbing for himself the laptop and 10 Gs at CanSecWest. The web browser however, even AU (after update)
is far from being flawless, research site Secunia warns.

The website issued its warning just over a week after Apple offered the security update. It alleges that both Mac OSX and Windows users of Safari are facing another, "less critical," vulnerability that could potentially allow malicious sites to "spoof" other websites. Juan Pablo Lopez Yacubian reported the vulnerability to Secunia, adding that Safari 3.1.1 has a flaw that can be exploited by malicious people to display a fake URL in the address bar.

"The problem is that it is possible to hide the actual location of a page in the address bar via a specially crafted URL containing a number of certain special characters in the 'user' field before the '@' character," the security advisory noted. Both Mac OS X and Windows Vista users of Apple's standard web browser are currently known for being affected, but other versions of the OS may very well be affected too, according to Secunia. The research site rates the flaw as "less critical". However, Secunia warns that users should avoid untrusted websites and untrusted links nonetheless.

Safari 3.1.1 includes improvements to stability, compatibility and security fixes. Aside from addressing the flaw that allowed Charlie Miller to compromise Apple's MacBook Air at the Pwn2Own contest, as far as the Mac OS X version of the web browser is concerned, the patch also contains fixes for three other issues. Two of those are for the Windows version of Safari.

MORE RELATED ARTICLES: Apple Seeds Mac OS X 10.5.3 Build 9D23 to Developers They Knew About the Safari Exploit Long Before PWN 2 OWN 2008 1Password Updated for Camino 1.6 Users Camino 1.6 Adds Tweaked UI, Multitouch Support and More Apple Launches One to One Personal Training at Your Local Apple Store Apple Updates Software Update
 
Comments | Link here | Subscribe
Print | Send to friend
Today's News | Yesterday's News

Search:

TAGS: Safari version 3.1.1 spoofing URL spoofing vulnerability

25th April 2008, 10:36 GMT | Copyright (c) 2008 Softpedia | Contact:
Read by 1,048 user(s) | Rating: | 7 vote(s) so far | Cast your vote:
Safari 3.1.1 Still Not Safe. URL Spoofing Flaw Confirmed - USER OPINIONS




We are sorry, there are no opinions available for this article.


SHARE YOUR OPINION ABOUT Safari 3.1.1 Still Not Safe. URL Spoofing Flaw Confirmed

Since you are not logged on, your comments will have to be approved before being displayed.
Click here to login, or register.
Your Name:
Your Email:
Type in the result:
Your Opinion:
 


DO YOU WANT TO CONTACT US?  

If you have some comments or you want to send us some information you can send us an email directly to .
You can use the form below for the same purpose.
Your full name: (at least 3 characters)
Your email address: (at least 5 characters)
Message subject: (at least 5 characters)
Message text:
(at least 10 characters)
Type in the result:
 
 
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
Copyright Information | Privacy Policy | Terms of Use | Contact Softpedia | Update your software | Archive