X
Tech
Home Tech Security

Safari browser flaw: Session fixation attacks possible

Another day, another unpatched Safari browser vulnerability.According to this flaw warning found on the NVD (National Vulnerability Database), Apple's flagship browser is vulnerable to session fixation attacks because of the way it handles cookies in country-specific top-level domains.
Written by Ryan Naraine, Contributor

Another day, another unpatched Safari browser vulnerability.

According to this flaw warning found on the NVD (National Vulnerability Database), Apple's flagship browser is vulnerable to session fixation attacks because of the way it handles cookies in country-specific top-level domains.

[ SEE: Microsoft issues Safari-to-IE blended threat warning ]

Heise Security breaks down the attack vector:

 Apple's Safari web browser, when handling cookies in multipart top level domains (TLDs), contains a vulnerability that potentially allows attackers to access the web services used by the victim. Safari handles multipart TLDs like .co.uk or .com.au differently from normal TLDs like .de or .com. According to a report, this allows attackers to inject the browser with a cookie which Safari will subsequently use for log-in authentication at other servers in the same TLD.

Alex "Kuza55," a hacker who appeared at Microsoft's Blue Hat summit, is credited with discovering this Safari vulnerability. It carries a CVSS Base Score of 6.8.

Editorial standards
Show Comments

Related

logi-ai-prompt-builder-mx-setup

Logitech mouse and keyboard users are getting a free AI upgrade

Placeholder product image alt text

The best AI image generators to try right now

GOTRAX 4 electric scooter

The most charming projector I've tested has now replaced my TV for movie nights