- Sun 11 May 2003
- macintosh
- Gaige B. Paulsen
A bug that affects users of Apple's Safari browser has been discovered.
The bug allows a sophisticated site to masquerade as another site even when SSL is in use.
Although the bug is considered moderately severe and should be fixed immediately, it is not clear that the risk of exploitation is high, because of the sophistication required of the hackers.
The bug is that Safari does not double-check that the site you are accessing is actually the site you are trying to access (by re-verifying the site's IP address with the DNS).
This vulnerability can only be triggered in combination with a DNS spoofing vulnerability, which is used to masquerade as another host.