|
|
Apple Fixes Vulnerability In Safari On Billions of Devices - TechAmok
Apple Fixes Vulnerability In Safari On Billions of Devices - [security]
03:53 AM EDT - Apr,17 2015 - post a comment When Apple pushed out its most recent round of patches last week it fixed a cookie vulnerability that existed in all versions of Safari, including those that run on iOS, OS X, and Windows. According to researchers who dug it up, the number of affected devices may total one billion.
The issue - present in Webkit - is technically a cross-domain vulnerability, meaning that an attacker could rig web content to bypass some of the normal cross-domain restrictions when a user views it. The attacker could then use that access to modify HTTP cookies on a website.
The problem, according to the researcher who found the issue, Jouko Pynnonen of the Finnish firm Klikki Oy, lies in the way that Safari previously handled its FTP URL scheme. Klikki Oy, which has found a handful of other bugs over the last several months, including a critical XSS vulnerability in WordPress, notified Apple of the bug on January 27.
The browser allows HTML documents to be accessed via URLs beginning with ftp:// - like ftp://user:password. This can be an issue when encoded characters are used in place of the password however, according to Pynnönen, who says that in some cases the URL could be misinterpreted to come from an attacker's site and not the target site.
|
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
May,14 2025 NVIDIA GeForce Game Ready 576.40 WHQL Driver Released May,13 2025 F1 - Official Trailer #2 (2025) Brad Pitt, Damson Idris, Kerry May,11 2025 The Old Guard 2 - Official Trailer (2025) Charlize Theron, KiKi May,11 2025 I think I know why Ryzen 9000 Series CPUs are Dying...(!) May,10 2025 Is Windows Defender good enough in 2025? May,09 2025 AMD Adrenalin 25.5.1 Driver Released for Doom: The Dark Ages May,09 2025 Ripple SEC Grip OVER, XRP Freedom of USE, Market MODE BULL RUN May,08 2025 "Is x86 Actually Screwed?" ft. Wendell of Level1 Techs - May,07 2025 Android's New Design Guidelines Leaked May,06 2025 Grand Theft Auto VI trailer #2 May,05 2025 Microsoft's Dirty Secret: Your Old PC is Now Trash! May,04 2025 No Noise Cancelling? GOOD. Unboxing the nwm One Headphones & First May,04 2025 NEW! 2025 Audi S5 (367hp) | 0-258 km/h acceleration May,02 2025 Bugatti Bolide vs Nurburgring. 1825 HorsePower Insanity May,01 2025 This will be the largest tech Yard Sale EVER! Insanely low prices on May,01 2025 Skoda Kodiaq RS 245 // 0-100 100-200 TOP SPEED POV & SOUND May,01 2025 Disable or Uninstall Windows Recall to Protect Your Data Privacy May,01 2025 A new Alternative to Nextcloud? OpenCloud presented and local Apr,29 2025 NVIDIA GeForce Hotfix Driver 576.26 Available Apr,28 2025 2025 Porsche 911 992.2 GTS T HYBRID | SOUND 0-100 100-200 200-300 & Apr,28 2025 We Made Perfect Thermal Paste in a Factory, ft. Der8auer | Made In Apr,28 2025 Cyber Security Company CEO Arrested for Installing Malware on Apr,27 2025 This Kid Made his Own Laptop and it's AMAZING! Apr,26 2025 How is this SO CHEAP? - Ubiquiti Cloud Gateway Fiber Apr,26 2025 Ripple president on stablecoins, Trump and tokenization Apr,26 2025 T-Mobile Launches 5G Advanced Apr,25 2025 540HP BMW E46 M3 5.0 V10 // 300KMH REVIEW on AUTOBAHN Apr,25 2025 Has Nvidia Given Up? Apr,23 2025 AMD Software Adrenalin 25.4.1 Beta Drivers Released Apr,23 2025 Stop Paying for Cloud Storage: How I Built My Own Photo Backup Apr,23 2025 Wednesday: Season 2 - Official Teaser Trailer Apr,23 2025 Everything You Need To Know About Windows 10 LTSC Apr,22 2025 Do NOT use Distilled Water for your Water Cooling Loop! Apr,22 2025 Intel Improves 285K Performance with a Big Update Apr,20 2025 FERRARI 812 GTS // REVIEW on AUTOBAHN Apr,19 2025 Meta Disables Apple Intelligence in Facebook and Other Apps Apr,19 2025 Change these Windows Settings for a smarter PC Apr,19 2025 How a malware pdf hacked 4chan Apr,18 2025 2025 BMW 3 Series G20 330e LCI II // TOP SPEED REVIEW on AUTOBAHN Apr,17 2025 Samsung Just Released a Powerful Update - Millions of Phones Getting
>> News Archive <<
| |
|
