Want CNET to notify you of price drops and the latest stories?
X
WWDC: Everything Apple AnnouncedCNET CouponsSleep With Socks OnBest Solar CompaniesRemote Working in ParadiseBest Satellite Internet ProvidersCurrent Mortgage RatesMeal Subscription vs. Takeout
Yet another URL flaw for Safari 3.0 for Windows beta
Researcher shows how URLs can be spoofed and content-arbitrary within Safari 3.0 beta.
Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Security researcher Robert Swiecki, who two days ago disclosed a URL vulnerability within the new Safari 3.0 for Windows beta, has another. The new flaw requires a user to visit a specially crafted Web page. There, an attacker can write whatever name in the URL toolbar and fill the client browser window with arbitrary content. He provides an example (link should be viewed within Safari).
In response to other Safari 3.0 vulnerabilities, Apple yesterday released an updated version that addresses three of the public vulnerabilities. Swiecki says he tested this latest vulnerability on Safari 3.0.1 (522.12.12) running Windows 2003 SE SP2.