Safari SSL bug found


A bug that affects users of Apple's Safari browser has been discovered.

The bug results in sophisticated sites being able to masquarade as ofther sites even when SSL is being used.

Although the bug is considered moderately severe, and should be fixed immediately, it is unclear that the risk of its exploitation is high, due to the required sophistication of the hackers.

The bug consists of Safari not double-checking that the site you are accessing is actually the site that you are trying to access (by re-verifying the IP address of the site with the DNS).

This vulnerability can only be triggered along with a DNS spoofing vulnerability which is used to masquarade as another host.

Further details are here at Secunia.