
Zero Day Exploit: Safari Address Bar URL Spoofing

There is a zero day threat to all Safari users, both on Windows and Mac, where a remote attacker can hide the actual URL of the web page in the browser's location bar. Let's see how this works …
Since URL and web page spoofing is very common in phishing, I created this sample email with a crafted URL in it.

I clicked the link and here’s what I got in Safari 3.1 for Windows.

Here's the screenshot on Mac.

So, what happened here?

A security flaw was found in Safari: when you input a URL containing special characters followed by "@", it is the part after the "@" that is the actual hostname. The run of special characters was crafted long enough to push the real hostname of the page out of view in the location bar.
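One way to flag such links at a mail gateway or link scanner, as an added example that is not from the original post: split the URL authority on its last "@" and compare the visible prefix with the host that is actually contacted. The function names, the padding threshold and the sample links are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

# Assumed threshold: userinfo longer than this is treated as padding meant to
# push the real host out of the visible part of the address bar.
PADDING_THRESHOLD = 32


@dataclass
class LinkVerdict:
    url: str
    shown_prefix: str            # text before "@" a user may mistake for the site
    actual_host: Optional[str]   # host the browser really connects to
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def classify_link(url: str) -> LinkVerdict:
    """Everything before the last '@' in the authority is userinfo, not the
    host; what follows it is the host that is actually contacted."""
    parts = urlsplit(url)
    userinfo, has_at, _ = parts.netloc.rpartition("@")
    verdict = LinkVerdict(url=url, shown_prefix=userinfo, actual_host=parts.hostname)
    if not has_at:
        return verdict  # no userinfo: the bar shows the real host
    if not parts.hostname:
        verdict.reasons.append("userinfo present but no host follows '@'")
    if "." in userinfo:
        verdict.reasons.append("userinfo looks like a hostname (contains '.')")
    if len(userinfo) > PADDING_THRESHOLD:
        verdict.reasons.append(f"userinfo longer than {PADDING_THRESHOLD} chars (padding)")
    return verdict


# Constructed sample links (not from the original post).
SAMPLE_LINKS = [
    "http://example.org/login",                     # ordinary link
    "http://user:secret@example.org/ftp",           # short, legitimate credentials
    "http://www.example.org.secure-login" + "." * 120 + "@attacker.invalid/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        v = classify_link(link)
        print(f"{'SUSPICIOUS' if v.suspicious else 'ok':10} host={v.actual_host!r} {v.reasons}")
```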

As most Safari users have experienced the spinning wheel of death, it is evident that multiple vulnerabilities lie within this application.

Is there a security patch/fix available? None, at the moment. So, please refrain from clicking on links to, or browsing, untrusted websites.

Juan Pablo Lopez Yacubian recently discovered this vulnerability.

  1. October 7, 2008 at 9:45 am

    Some people, some time ago, reported this bug to Apple (read this: http://marcoramilli.blogspot.com/2008/02/discovering-potential-vulnerabilities.html )

    But they said: “thank you man” … and nothing more….

  2. Methusela Cebrian Ferrer
    October 8, 2008 at 12:01 pm

    Thanks Marco, I'll add your blog to my reader.

    I'm afraid they don't care … as it seems this vulnerability has been around for a while now.

  3. duandaHenly
    March 5, 2009 at 11:42 am

    Webmaster I would like to exchange links with you
    email: abuse@softlayer.com

    • Methusela Cebrian Ferrer
      March 6, 2009 at 6:44 am

      Ok, I'll reply offline.
