Safari Browser Security Threat on Windows PCs

Use Safari browser on your Windows machine? Might want to think again.

Apple’s Safari Web browser appears to be vulnerable to attack when handling cookie files in country-level top-level domains, such as .co.uk and .com.au.

…vulnerability could perform a session fixation attack. This allows the attacker to pre-set the victim’s session ID and to use the fixed session ID for malicious activities.

An attack of this sort, known as “cross-site cooking,” might include tricking a user to log in through a malicious form, exploiting a cross-site scripting vulnerability or meta tag injection flaw, breaking into host in the target server’s domain, and network traffic alteration.

Attacks making use of this vulnerability have not yet been reported. Apple has not yet addressed the flaw.

Apple and Microsoft have known about the flaw for months. Doesn’t look like they are in a big hurry to fix it, yet.

I tried Safari a year or two ago. I didn’t like it. It was big and sluggish on my Windows machine. I doubt there are a whole lot of people using Safari.. but if you are, you might want to check on the issue, or start using another Windows-compliant browser.