Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safari Security Hole Allows Cookie Theft

Posted by pudge on Friday November 21, 2003 @04:59AM from the shut-it-down dept.

An anonymous reader writes "MacSlash posted a story about a vulnerability in Safari. The exploit allows someone to steal any of your domain-based cookies (passwords, private info, etc.) from any website. Mozilla and Internet Explorer had the same bug in the past."

2 of 70 comments (clear)

Min score:

Reason:

Sort:

(Not) PATCHED ALREADY! by sld126 · 2003-11-21 08:55 · Score: 3, Interesting

Safari 1.1.1 (v100.1)

Still see my ebay cookies.

Maybe you cleared your cookie cache or have accepting them turned off?

--
You're just jealous because the voices only talk to me.
3rd Party Fix by stefanb · 2003-11-22 01:41 · Score: 3, Interesting

This BugTraq post links to a Japanese page with a fix (English text at the bottom).
I was bit dubious at first, but the patch includes source code. I did install the supplied binary, though...
What I'm really surprised about however is the fact that a) a third-party developer can fix a problem like this at all, and how easily the fix can be hooked into Safari. It appears that this OpenStep/Cocoa framework stuff is really flexible...
Oh and yes, it does work!