Archive for August 16, 2009

Avoid Phish Bombing, Update your Safari version to 4.0.3

Avoid phish bombing: update your Safari version to 4.0.3!

This latest version also includes fixes for multiple critical vulnerabilities that can be exploited by malicious people or evil websites to manipulate data, disclose sensitive information, perform spoofing attacks and/or compromise your system. Further information: About the security content of Safari 4.0.3.

What is a phish bomb and how does it work?

Phishing is a fraudulent attempt that falsely claims to come from a legitimate, known website or organization, tricking the targeted victim into voluntarily providing sensitive information such as a user name, password, credit card or social security number, and so on.

A phish bomb, however, is like an explosive form of phishing attack: in Safari 4 it allows an attacker to manipulate your Top Sites (keyboard shortcut: Command+Shift+1). This vulnerability was discovered by Inferno of SecureThoughts.com.

Inferno published his PoC and explains:

“The two input parameters in this attack are the number of times the fake website should be visited (n)(default=28) and timeout(t)(default=2 sec) that triggers a switch between two fake websites. It is very simple and adds two fake websites for bankofamerica.com and gmail.com to your top sites.”

PhishBomb
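The pattern Inferno describes, many visits flipping between two sites on a fixed timer, leaves a recognisable trace in browsing history. The following is an added example, not part of the original post or of Inferno's PoC: a triage check that flags such runs, assuming history is available as (timestamp in seconds, URL) pairs. The function names, thresholds and host names are constructed for illustration.

```python
from urllib.parse import urlsplit

def _extends(rows, start, i, jitter):
    """True if visit i continues the two-host, fixed-interval run begun at start."""
    (ts, host), (prev_ts, prev_host) = rows[i], rows[i - 1]
    if host == prev_host:
        return False
    if i - start < 2:  # second visit of a run: it defines the interval
        return True
    base = rows[start + 1][0] - rows[start][0]
    return host == rows[i - 2][1] and abs((ts - prev_ts) - base) <= jitter

def find_alternating_bursts(visits, min_visits=10, jitter=0.5):
    """Return (host_a, host_b, visit_count, mean_interval_s) for every run of
    visits that flips between two hosts at a near-constant interval."""
    rows = sorted(((ts, urlsplit(url).hostname) for ts, url in visits),
                  key=lambda r: r[0])
    bursts, start = [], 0
    for i in range(1, len(rows) + 1):
        if i < len(rows) and _extends(rows, start, i, jitter):
            continue
        count = i - start
        if count >= min_visits:
            mean = (rows[i - 1][0] - rows[start][0]) / (count - 1)
            bursts.append((rows[start][1], rows[start + 1][1], count, round(mean, 2)))
        # The visit before the break may open the next run together with visit i.
        same_host = i < len(rows) and rows[i][1] == rows[i - 1][1]
        start = i if same_host or i == len(rows) else i - 1
    return bursts

# Constructed sample history: ordinary browsing around a 28-visit, 2-second burst.
_HOSTS = ("fake-bank.example", "fake-mail.example")
SAMPLE_VISITS = (
    [(0, "https://news.example/a"), (40, "https://news.example/b"),
     (95, "https://mail.example/inbox")]
    + [(100 + 2 * k, f"http://{_HOSTS[k % 2]}/login") for k in range(28)]
    + [(300, "https://shop.example/cart")]
)

if __name__ == "__main__":
    for a, b, n, t in find_alternating_bursts(SAMPLE_VISITS):
        print(f"{n} visits alternating {a} <-> {b} every ~{t}s")
```

Hosts reported by a check like this are the ones to compare against the entries shown in Top Sites.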

Update and stay safe!
