Another Batch of Safari Vulnerabilities Exposed
Apple's Safari browser is beginning to look like a bullet-ridden car in Iraq. According to a warning posted to security mailing lists, there are multiple security flaws in Safari 3.1.1 that put users at risk of ID-theft spoofing attacks or, worse, expose them to drive-by malware downloads. I have confirmed the spoofing bug based on a proof-of-concept provided in the warning. Here's an example: ![]() Safari is also vulnerable to at least two different denial-of-service attacks that could be more dangerous if hackers find a way to exploit the browser crashes. In the absence of a patch, Safari users should consider using a different browser--Firefox or Opera. |



Comments (1)
While updating iTunes last week I noticed that Apple had hitched Safari in as another already selected download with the iTunes patch. Luckily I noticed and took it off the downloads list. What gives? Thought only Microsoft did sneaky stuff like that.
Posted by jdid | April 23, 2008 10:22 PM