In association with heise online

18 December 2007, 13:45

Cross-site scripting hole in Apple Safari for Windows

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A cross-site scripting hole in Safari not only affects the web browser on Mac OS X, but also the beta version for Windows. In addition to an update for Mac OS X, Apple has released an updated version for the supported Windows versions.

Attackers can exploit this vulnerability to inject arbitrary content onto websites based on frames and execute script code in the security context of the website, for instance. Other information, such as cookies, can also be gathered. The current software version, which is available from Apple as a download from the Safari site, closes this security leak. The download does not, however, correct any other flaws.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit