Another day, another unpatched Safari browser vulnerability.
According to this flaw warning found on the NVD (National Vulnerability Database), Apple's flagship browser is vulnerable to session fixation attacks because of the way it handles cookies in country-specific top-level domains.
Heise Security breaks down the attack vector:
Apple's Safari web browser, when handling cookies in multipart top level domains (TLDs), contains a vulnerability that potentially allows attackers to access the web services used by the victim. Safari handles multipart TLDs like .co.uk or .com.au differently from normal TLDs like .de or .com. According to a report, this allows attackers to inject the browser with a cookie which Safari will subsequently use for log-in authentication at other servers in the same TLD.