Home > Exploits > Avoid Phish Bombing, Update your Safari version to 4.0.3

Avoid Phish Bombing, Update your Safari version to 4.0.3

Avoid phish bombing, Update your Safari version to 4.0.3!

This latest version also includes multiple fixes to critical vulnerabilities, that can be exploited by malicious people or evil websites to manipulate data, disclose sensitive information, perform spoofing attacks and/or compromise your system.  Further information About the security content of Safari 4.0.3

What is Phish Bomb and how does it works?

Phishing is a fraudulent attempt that falsely claims to be from a legitimate known website or organization thus tricking the target victim into voluntarily provide sensitive information such as user name, password, credit card, social security and etc…

However, phish bombs is a just like an explosive of phishing attack, which in Safari 4 allows attacker to manipulate your Top Sites (keyboard shortcut press command+shift+1) . This vulnerability was discovered by Inferno of SecureThoughts.com.

Inferno published his PoC and explains:

“The two input parameters in this attack are the number of times the fake website should be visited (n)(default=28) and timeout(t)(default=2 sec) that triggers a switch between two fake websites. It is very simple and adds two fake websites for bankofamerica.com and gmail.com to your top sites.”

PhishBomb

Update and stay safe!

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: