Safari phishing vulnerability

This was just made public yesterday. Basically Safari (among some other browsers) appears to mishandle certain unicoded URLs, which can result in phishing attacks (i.e. presenting you with a webpage you believe to be something, for example, paypal, which it is really not). In fact the examples given by the author of the advisory use PayPal, and it definitely appears to work (I used Safari 1.2.4, but the paper claims 1.2.5 is vulnerable as well). Hopefully Apple will release a security update, or a workaround, for this soon - it is quite scary. I haven't looked to see if there is a way to disable this behaviour (evidently, other browsers have this capability) - I'll repost if I find anything.
Here is the link with the full explanation and examples:
http://www.shmoo.com/idn/homograph.txt
Very scary.

> Be aware that the reason this exploit doesn't work in Internet Explorer is because IE doesn't even support IDN, not because IE somehow correctly implements the spec.
Actually, it's because the plugins aren't installed by default.
> And finally, as an earlier poster stated, your own vulnerability is low or nil.
I think that depends on who you are. My degree of vulnerability is pretty low - mainly because I'm a paranoid freak. However, people get involved in phishing scams all the time, and this just makes it easier.
My post was not intended to knock Apple, but to increase awareness. And as far as "chicken-littles scream holy murder" - I have but one question to ask. Have you ever seen an OS X system compromised? I have. Maybe it's not "holy murder", but "Hey, didja ever consider this..." Maybe you think I'm yelling "holy murder", but I believe I'm just increasing awareness...
And I quite disagree with your line of "logic" based on previously announced exploits. That's like people who used to say the same thing about Linux when they wanted it to beat M$, and there are plenty of exploits for Linux now. My experience tells me that it is inevitable that something will be created specifically for OS X. I'd love to be wrong, but I doubt it.
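The homograph trick discussed in this thread, seen from the checking side, as an added example that is not part of the original posts: decode each `xn--` label of a hostname back to Unicode, then flag labels that mix scripts or that collapse onto a watched name once look-alike letters are folded. The `CONFUSABLES` table, the `PROTECTED` list, the function names and the script-by-character-name heuristic are all assumptions made for illustration; the sample hostnames are constructed.

```python
import unicodedata

# Constructed, deliberately small look-alike table (assumption: a real
# deployment would use the full Unicode confusables data instead).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

# Hypothetical watch list of names worth protecting.
PROTECTED = {"paypal.com"}


def to_ace(host):
    """Simplified ASCII (xn--) encoding of a hostname, label by label."""
    out = []
    for label in host.lower().split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def decode_label(label):
    """Turn one xn-- label back into Unicode; leave anything else untouched."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: show the raw label
    return label


def scripts(label):
    """Heuristic: the first word of a letter's Unicode name is its script."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}


def skeleton(host):
    """Fold known look-alike letters onto their ASCII twins."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def check_host(host):
    """Return the Unicode display form and the reasons it looks suspicious."""
    labels = [decode_label(l) for l in host.lower().rstrip(".").split(".")]
    display = ".".join(labels)
    reasons = []
    for label in labels:
        found = scripts(label)
        if len(found) > 1:
            reasons.append("mixed-script label: " + "+".join(sorted(found)))
    folded = skeleton(display)
    if folded != display and folded in PROTECTED:
        reasons.append("confusable with " + folded)
    return {"display": display, "reasons": reasons}


if __name__ == "__main__":
    # Constructed samples: Cyrillic U+0430 in place of Latin "a", the real
    # name, and a legitimate single-script IDN that must not be flagged.
    for name in (to_ace("p\u0430ypal.com"), "paypal.com", to_ace("m\u00fcnchen.de")):
        print(name, check_host(name))
```

A label written entirely in one non-Latin script passes the mixed-script test, so only the folding step can catch it, and only for letters present in the table.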

Similar Messages

  • New internet Phishing/Security issues

    I've been reading about a DNS/phishing vulnerability in the internet. (This doesn't seem to relate to the often discussed Trojan Horse download). I thought I'd put this out for anyone interested. The blog link below mentions Apple as especially vulnerable. It doesn't say why. Any feedback to put this in perspective?
    http://www.nytimes.com/2008/07/30/technology/30flaw.html?scp=7&sq=inte
    http://mezzoblue.com/archives/2008/07/28/opendns/
    http://news.cnet.com/8301-13554_3-9834579-33.html

    You can test your name server's vulnerability (and read more about this issue) at Dan Kaminski's Web site (he's the programmer mentioned in the linked articles).
    DoxPara Research: http://www.doxpara.com/
    This is apparently a server side problem more than it is an issue with individual computers, so as user/customers there isn't a lot we can do to protect ourselves.
    On the bright side, my provider's DNS address showed as vulnerable two weeks ago when I tested, but that appears to have been patched as the message I'm receiving now says:
    Your name server, at xx.xx.xxx.xx, appears to be safe, but make sure the ports listed below aren't following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100...).

  • Third party application is disrupting my iOS operating system for my iPad 2. I believe it's a virus or malware.

    A third party application I mistakenly downloaded is disrupting my iOS operating system. It is asking me for the serial number to my iPad 2 and to call an 800 number. What should I do? My iPad is messaging me to do this to solve the issue. I think it's some kind of virus or malware.

    It's a Safari phishing scam. Just ignore it. Don't click on any links or call any telephone numbers. Quit Safari.

  • Clusterware and third-party application

    Hi,
    I have a installation, where I have 2 servers for Oracle, connected to storage via SCSI, and 6 others servers for application servers (JBoss/WebLogic), not connected to this storage. All 8 machines have two network interface, so I can build public and private network. Oracle servers will work in RAC configuration. My question is: can I use Oracle clusterware to protect application servers, when the machines have not access to shared storage?
    Thanx,
    Jacek


  • Using Power Book G4 with OSX 10.5.8 okay from virus attack?

    Is my Mac Powerbook G4 with OSX 10.5.8 safe from virus attack or do I need to protect Safari?

    Lawrence1946 wrote:
    Is my Mac Powerbook G4 with OSX 10.5.8 safe from virus attack or do I need to protect Safari?
    It is very important to speak precisely about these matters to avoid jumping to unfounded conclusions that lead to erroneous reactions. You said "virus attack" which is a mischaracterization of the problem. It was a vulnerability, only the potential for a man-in-the-middle attack which has absolutely nothing to do with viruses.
    For your Mac to be attacked, it would have to be attempting an SSL connection with Safari or other related frameworks, and there would have to be another user on the same wifi network as yourself intercepting the transmissions and skilled enough in network coding to implement a man-in-the-middle attack. So users on school and public wifi networks using Safari were vulnerable, but home users on their own password-protected networks or Chrome/Firefox users were not particularly vulnerable.
    From the articles on Mac sites that I read, which described all of the above, it was also said that only Mavericks was vulnerable. However, there were other security updates issued for Mountain Lion and Lion to address other issues.
    10.5.8 along with 10.6 are no longer supported due to age and no longer receive security updates.

  • Third Party 2FA

    What is the best third-party soft token or hard token application to use for 2FA with MacBook Pro and iPhone?


  • Third Party Intruders

    My computer has a third party on it. I need to get this third party off to be able to get on the internet and shut down my computer without forcing it. I already have enabled safe boot.

    It's a Safari phishing scam. Just ignore it. Don't click on any links or call any telephone numbers. Quit Safari.

  • New Must Reading on Apple Security

    Unless I've overlooked it, I haven't seen any mention of this, either on the Safari forum or anywhere on the Tiger forums. Perhaps it's been noticed on one of the Leopard forums which I don't visit. I just came across it and immediately realized it needed to be posted here.
    I'm posting this link to Brian Mastenbrook's web site. He was responsible for alerting Apple to the Safari RSS vulnerability, especially in Leopard, which would have allowed potential data theft, and which has just been patched in the recent Security Update 2009-001 for both Tiger and Leopard.
    He maintains there are critical security implications for OSX design in general that Apple is, apparently, not taking seriously enough. There would seem to be serious implications for users of Tiger, as well as other platforms.
    And this, at least to me, doesn't sound like the usual "crying wolf" or media hysterics around possible Apple malware or looming viruses that's been discussed here so often. Scroll down his home page for this.
    Most recent blog:
    Safari RSS vulnerability: what went wrong?
    Posted on Thu, 12 Feb 2009
    Last edited Thu, 12 Feb 2009
    http://brian.mastenbrook.net/

    Yeah, but it's more than that. It's not just about the RSS vulnerability.
    There's more but this is what stands out for me. Here, he's talking about a previous patch he was involved with, which, for him, leaves lingering, serious issues unresolved.
    I've brought up this possibility to illustrate the harm that could result from the issues I've seen in OS X. This potential attack carries some worrisome implications for the security of Apple's software. It indicates that better design or security measures built in to UNIX are not responsible for the relative lack of attacks against OS X when compared to Windows (nor is more responsive patching of issues as they are reported). *While the specific vulnerabilities I am aware of which could be used to trigger this attack have been closed, any other two vulnerabilities which provide local execution and escalation-of-privileges can be used to build this virus. In fact, an escalation-of-privileges vulnerability is not strictly required to build this virus, as it is also possible for a malicious program running as an ordinary user account to obtain superuser-level access by hijacking programs such as Software Update and System Preferences which prompt the user for administrative credentials. (Apple does not consider this to be a security issue.)*

  • Third party cord corrupting?

    I recently went on a long trip to a remote part of the country. I unfortunately forgot my Apple iPod cord and bought a cheap third party cord in the airport. It worked fine. Since then, however, my original iPod cord does not work on my iPod nor does my Belkin battery backup. I am wondering if it is possible that the third party cord somehow corrupted my iPod? Any thoughts would be appreciated.


  • With Safari7.0, sometimes open a new window with propaganda and publicity. In preferences Block a new windows is active, What can I do?

    Hi There:
    With the new Safari 7.0, sometimes a new windows open with propaganda or publicity. That's very unusual because I block the new windows in Safari preferences.
    What can I do. My new Safari are vulnerable.
    Please Comment.
    Hello:
    With the new Safari 7.0, new windows with propaganda or advertising sometimes open. That is unusual because opening pop-up windows is blocked in Safari's preferences.
    What can I do? Is the new Safari vulnerable?
    Please comment.

    From the Safari menu bar, select
    Safari ▹ Preferences ▹ Extensions
    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.

  • Safari-specific phishing?

    On 6 March I visited a new web site (just launched) called www.braintumourresearch.org
    The site began to load but then a full frame appeared telling me that the site contained malware.
    I clicked "Close" and was taken to a site purporting to be provided by Google. I quit Safari promptly and let the site creators know about the problem.
    I made some follow-up checks and the malware window only appears in Safari on my Mac, and not in Firefox or Mozilla, nor in Explorer on my colleagues' PCs. The image claiming malware is, I think, called an iFrame although I'm not a techie.
    So my question is: is this a Safari-only problem and is my Mac vulnerable as a result? Is this phishing or could it pose some other threat?
    Any views welcome.
    Regards,
    TL

    Hmm. Thanks for the reply Klaus, but I'm not convinced. The link in the warning is to something called internetcountercheck.com
    I did a search on this and found a page suggesting it's the result of a hack:
    http://wordpress.org/support/topic/243838
    There are some other pages that may be suggesting similar things, including a lot across Europe.
    Moreover, my Mac lost its internet connection following my visit to internetcountercheck.com and this morning I found a DNSChanger Trojan on my system.
    I can't be sure that the two events are related, but the timing seems pretty extraordinary.
    Regards,
    TL

  • Safari vulnerability at 2009 pwn2own

    Am I the only one concerned about this reported vulnerability in Safari,
    such that this Charlie Miller guy could hack in - in 10 SECONDS.
    http://it.slashdot.org/article.pl?sid=09/03/19/2110206
    Has there been an Apple response?
    I know there is the balance that needs to be struck between
    leaking some information so we might get some idea of what
    behavior is risky versus
    _too much_ information letting other/more hackers copy it.
    But seriously, the complete lack of information available
    about how it works leaves us feeling like we're completely
    vulnerable out here.
    Should we disable QuickTime?
    Should we disable Java?
    Should we disable javascripts?
    I think the complete absence of a response from Apple
    does start to suggest a lack of leadership
    on security matters.

    Don't read too much into a reported 'hacker contest'!
    No, don't disable anything, and the only response you will ever see from Apple will be a new security update - if one is required.
    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.
    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download from:
    http://www.clamxav.com/
    However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:
    http://macscan.securemac.com/
    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.
    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:
    http://macscan.securemac.com/buy/
    and this can perform a complete scan of your entire hard disk. After 30 days the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)
    A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:
    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174
    Also, beware of MacSweeper:
    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008
    http://en.wikipedia.org/wiki/MacSweeper
    On June 23, 2008 this news reached Mac users:
    http://www.theregister.co.uk/2008/06/23/mac_trojan/
    More information on Mac security can be found here:
    http://macscan.securemac.com/
    The MacScan application can be downloaded from here:
    http://macscan.securemac.com/buy/
    You can download a 30 day trial copy which enables you to do a full scan of your hard disk. After that it costs $29.95.
    More on Trojans on the Mac here:
    http://www.technewsworld.com/story/63574.html?welcome=1214487119
    The latest news on the subject, from July 25, 2008, is:
    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.
    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.
    In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.
    Net security groups say there is anecdotal evidence that small scale attacks are already happening.
    Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm
    A further recent development is the Koobface malware that can be picked up from Facebook (already a notorious site for malware), as reported here on December 9, 2008:
    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm
    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:
    http://www.securemac.com/
    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

  • Firefox & Safari BOTH hijacked (not phish!) No fixes anywhere!

    HELP! Both our browsers keep being hijacked (safari & firefox) & redirected to a weird site while inside a members only log-in backdoor! It only happens when I press a 'search' button from within one section (URL would be like: www.domain.com/members/searchlist.php).
    So far it only happens within this one site and it happens whether we are in secure or unsecure http: or httpS: url location in this particular member site. The webmaster says it never happens on any others, he checked using various browsers and platforms and therefore that it has to be in my system.
    Has anyone heard of this? I cannot figure it out, I don't find anything about this anywhere. ANY help appreciated!
    OH: after hitting 'search' in both safari and firefox the redirect/hijack goes to this URL
    http://www.usuc.us/enter/goto.php
    (we have tried it several times on different days and it always happens! I even got rid of all the cookies in firefox as a test -- still happened. Also went there using a proxy, still happened.)
    As infected as winxp gets, AT LEAST they have tons of freeware to remove viruses adware spyware malware. What is there for mac to fix this kind of problem? (which does obviously exist, is documented, but is DENIED by the apple/mac community) -- nothing to find it -- much less FIX it -- that I can find.
    No one knows anything. I've requested help from more than half-a-dozen mac expert sites. Zip. Zero. Nada. Zilch. This is a hail mary pass. I'm doubtful anyone here will know how to analyze, find, fix, resolve ... but ***... nothing ventured nothing gained.
    Currently running the download folder thru ClamXAV; own/use LittleSnitch, Applejack, various tools; ran rootkithunter; changed DNS server settings in network prefs, renewed dhcp...repaired disks/permissions Ran some terminal searches for invisible files but I have no idea what I'm seeing in the results nor what to look for....ditto with the console logs.... like I said, no one has been able to offer any advice except I was phished (NOT) or that it's the windows using webmaster who is at fault...............................................................another weird thing: sometimes the keyboard mysteriously repeats infinitely (like all those periods) until I force it to stop. What is that? ... what other folder should be examined by ClamXAV?

    Mac OS X Vulnerable To Unpatched Bugs
    Security researchers have disclosed flaws in the Mac OS X operating system that allow attackers to crash the computer and possibly hijack it.
    By Gregg Keizer
    InformationWeek
    Nov 22, 2006 02:11 PM
    http://www.informationweek.com/story/showArticle.jhtml?articleID=195900109&cid=RSSfeedIWKSecurity
    Adobe Flaw May Be 'Worst' Bug Of 2007
    Security researchers are beginning to think the problem is much worse than first thought, although Adobe promises a fix by next week.
    By Gregg Keizer
    InformationWeek
    Jan 5, 2007 03:17 PM
    Adobe has promised to patch buggy versions of its popular Reader software next week to close a cross-site scripting vulnerability that some researchers say has the potential to be the worst of all 2007........affects Firefox....
    http://www.informationweek.com/security/showArticle.jhtml;jsessionid=KTZXTOVMP44WYQSNDLRSKH0CJUNN2JVN?articleID=196801513
    Apple Vulnerability Project Launches with QuickTime Exploit
    By Ryan Naraine
    January 1, 2007
    An easy-to-exploit security vulnerability in Apple Computer's QuickTime media player could put millions of Macintosh and Windows users at risk of code execution attacks.
    The QuickTime flaw kicked off the Month of Apple Bugs project, which promises to expose unpatched Mac OS X and Apple application vulnerabilities on a daily basis throughout the month of January.
    http://www.eweek.com/article2/0,1895,2078180,00.asp
    other links:
    http://techweb.com/blog/archives/2006/11/titlehere_1.html?cid=TW_bloggkeizer
    http://projects.info-pull.com/mokb/
    http://projects.info-pull.com/mokb/MOKB-20-11-2006.html
    As noted in original post:
    1) URL format is LIKE this (not literally is this):
    www.domain.com/members/searchlist.php
    2) Already running CLAMXAV.
    Thanks for responses -- again it doesn't address my specific problems. No one so far has any clues about what is causing it. Is it malware spyware virus exploit hijack redirect -- server host system internal external? I don't know. That's my quandary. No one seems to know.

  • Is java vulnerable in safari 5.1? I have a macbook using 10.6.8

    I am worried about the java vulnerability.  I need it to pay bills on my banks website.  is java vulnerable in safari 5.1.  I am using a macbook with os 10.6.8

    The recently discovered zero-day flaw in Java 7 is so serious that the U.S. Department of Homeland Security has warned users to disable or uninstall it, and Apple has disabled the Java 7 plugin on Macs through its OS X anti-malware system, in order to protect users from a potentially serious security issue.
    You should disable Java (if not already done) until either the US Department of Homeland Security, or Oracle, declare it safe and Apple restore the facility. Oracle have released an update said to fix the security flaw, available from here:
    http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html
    Javascript should not be disabled (it has nothing to do with Java), and is probably what your bank is using.

  • Error message that Firefox version 5.0 or later is vulnerable to phishing but I am running Firefox 16.0

    I get a small box that comes up each time I enter Firefox saying that Firefox 5.0 is vulnerable to phishing and other threats. I am not sure where this message comes from. I have Norton software on the my computer. The box further asks me to update my Firefox to a later version. I check my preferences and I am running Firefox 16.0 the newest version.
    I am not sure what to do about this situation.

    See [[/questions/935636]]
