Apple Safari Web Browser Null Character Cookie Stealing Vulnerability
An issue has been discovered in Apple Safari, which may allow an attacker to steal cookie-based authentication credentials from a user of a vulnerable web browser. The problem is in the handling of NULL (%00) characters in URLs.
This issue may only be exploited to steal cookies set for a domain, as opposed to cookies set for a specific host in that domain. Cookies set with the secure flag can be stolen if the attacker uses SSL.
Vulnerable:
Apple Safari 1.0
Apple Safari 1.1
Workaround:
It has been reported that an unofficial patch has been released to address this issue and is available from the following link, under the 'Description in English' section.
http://hetima.com/soft/cookiemonsterfix.html
It should be noted that this is an unofficial and unsupported fix which has not been tested or verified by Symantec.
http://www.securityfocus.com/bid/9065/solution/
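For defenders reviewing proxy or web-server logs, a check for NULL characters in requested URLs can be written as below. This is an added example, not code from the advisory or from Apple. The advisory does not say which part of the URL carries the NULL, so the scanner reports the component and also catches repeated percent-encoding; the log format, field order and sample lines are constructed assumptions.

```python
import re

# A raw NUL byte, %00, or %00 under repeated percent-encoding (%2500, %252500, ...).
NUL_RE = re.compile(r"\x00|%(?:25)*00")
# scheme://authority followed by everything else (path, query, fragment).
URL_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.\-]*://(?P<authority>[^/?#]*)(?P<rest>.*)$", re.DOTALL)

# Constructed sample data in an assumed format: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = [
    "2024-01-01T10:02:11Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2024-01-01T10:02:15Z 10.0.0.5 GET http://www.example.com%00/login 200",
    "2024-01-01T10:02:19Z 10.0.0.7 GET https://shop.example.com/item?id=7%2500 200",
    "2024-01-01T10:02:25Z 10.0.0.9 GET http://www.example.org/a%20b%2F100.html 200",
    "2024-01-01T10:02:31Z 10.0.0.9 GET http://www.example.org/x\x00y 200",
]


def find_nuls(url):
    """Return (component, encoding_depth) for each NUL in url; depth 0 means a raw byte."""
    m = URL_RE.match(url)
    parts = {"authority": m["authority"], "path_or_query": m["rest"]} if m else {"unparsed": url}
    hits = []
    for component, text in parts.items():
        for hit in NUL_RE.finditer(text):
            token = hit.group()
            # "%00" is depth 1; each extra "25" layer adds one level of encoding.
            depth = 0 if token == "\x00" else (len(token) - 3) // 2 + 1
            hits.append((component, depth))
    return hits


def scan_log(lines):
    """Return (line_number, client, component, depth) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        fields = line.split(" ")
        if len(fields) != 5:
            continue  # line is not in the assumed five-field format
        _, client, _, url, _ = fields
        for component, depth in find_nuls(url):
            findings.append((number, client, component, depth))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print("line %d client %s: NUL in %s (encoding depth %d)" % finding)
```

A hit in the authority component deserves the closest look, since a host name never legitimately contains a NULL.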
