Yet another URL flaw for Safari 3.0 for Windows beta

Researcher shows how the URL can be spoofed and arbitrary content displayed within Safari 3.0 beta.

Security researcher Robert Swiecki, who two days ago disclosed a URL vulnerability within the new Safari 3.0 for Windows beta, has disclosed another. The new flaw requires a user to visit a specially crafted Web page. There, an attacker can display any name in the URL toolbar and fill the browser window with arbitrary content. He provides an example (link should be viewed within Safari).

In response to other Safari 3.0 vulnerabilities, Apple yesterday released an updated version that addresses three of the public vulnerabilities. Swiecki says he tested this latest vulnerability on Safari 3.0.1 (522.12.12) running Windows 2003 SE SP2.

About the author

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
