Two vulnerabilities in Windows Safari
Argentinian hacker Juan Pablo Lopez Yacubian has discovered two security vulnerabilities in version 3.1. of Apple's Safari browser, which was released last week. The vulnerabilities can be exploited by attackers to fake page content or possibly to inject malicious code.
An update to fix the vulnerabilities is not yet available. Until an update is released, users of the Windows version of Safari in particular should therefore avoid following links from emails or on websites to sites which require entry of personal credentials, such as online banking login details.
- Demonstration of the spoofing vulnerability in Safari by Juan Pablo Lopez Yacubian
- Demonstration of the memory access error in Safari by Juan Pablo Lopez Yacubian (caution - vulnerable browsers will crash.)