Identity Theft News

Apple patches Safari web browser security flaws

Wednesday, August 12, 2009

Apple issued six security bulletins on Tuesday for its Safari web browser, version 4.0.3, including a flaw in Top Sites that could allow an attacker to insert malicious sites in the browser for a phishing attack.

Safari 4's Top Sites feature allows users to see their favorite websites previewed within the browser. Apple said a security flaw in this feature could allow a malicious website to promote arbitrary sites into the Top Sites view through automated actions, including sites designed for stealing personal information in a phishing attack.

Apple said it addressed the issue by preventing automated website visits from affecting the Top Sites list.

"Only websites that the user visits manually can be included in the Top Sites list," Apple said in its security bulletin. "As a note, Safari enables fraudulent site detection by default. Since the introduction of the Top Sites feature, fraudulent sites are not displayed in the Top Sites view."

Another flaw in WebKit, the browser engine that drives Safari, could allow attackers to insert look-alike characters in URLs to direct users to phishing websites.

Last week, the company issued patches for Mac OS X 10.5.8, called Leopard. That update contained several non-security fixes for technical errors in the Safari web browser version 4.0.2.

Related News:

Threat of identity theft shows need for online security - 11.19.2009
As Americans live increasingly large portions of their lives on the internet, the possibilities and incentives for remote identity theft increase as well. A report in the New York Times advises caution, and gives tips for constructing an "online bulwark" to prevent theft and fraud.

Wi-Fi network security vulnerable to man-in-the-middle attacks on smart phones - 11.16.2009
Researchers last week revealed a weakness in mobile network security that could allow for so-called "man-in-the-middle" techniques to steal personal information from users of certain types of mobile phones.

FDIC warns banks of money transfer 'mules' duped by cybercriminals - 11.2.2009
In a new warning to banks about illicit electronic fund transfers, the Federal Deposit Insurance Corporation (FDIC) said last week that online bank account theft using "money mules" is rising. The mules are unwitting job-seekers who are duped by cyber crooks into wiring funds from hacked bank accounts.

Obama addresses cybersecurity awareness in YouTube video - 10.21.2009
Online cyber attacks and identity theft have never been higher, a threat environment that challenges U.S. security every day. President Obama has designated October as National Cybersecurity Awareness Month, which he addressed in a web video last week.

Facebook application security hole exposes millions to hacking, researcher says - 10.19.2009
A security researcher is warning Facebook users about potential vulnerabilities in Facebook applications that could allow cross-site scripting (XSS) hacker attacks for hijacking user accounts.
