Apple Releases New Batch of Patches, Fixes International Domain Names Phishing Flaw in Safari   - 1,307 Views, 1 Comment

Previous Article « Identity Theft Insurance Now Available
Read Next Article » Utah Gets New Internet Pornography Law

  Follow Anne on Twitter     Friend Anne on Facebook

Apple has released nine new patches today, designed to patch and repair several flaws in the standard OS X operating system and programs. One of the most critical of these is the flaw which allows phishers to take advantage of browsers which support the International Domain Name standard. Safari is one such browser which supports the International Domain Name (IDN) standard, and as such users running Safari were vulnerable to the phishing attacks which take advantage of the flaw. Other browsers susceptible to the International Domain Name standard spoof include Firefox, Mozilla, and Opera.

The way that the IDN spoof works is by taking advantage of the fact that these browsers will render certain non-traditional characters in an international domain name as more commonly recognized Latin characters. Thus, for example, a phisher could register “àmazon.com”, but in one of the affected browsers it would appear as “amazon.com”, and thus be trusted by the user. (For those of you whose browsers did not render the first “àmazon.com” correctly, there is an accent over the first “a”, and well, now you see the problem.)

In addition to the patch for Safari, Apple released two different patches for AFP Server, a patch for Bluetooth Setup Assistant, one for Core Foundation, one each for Cyrus IMAP and SASL, one for Folder permissions, and one for Mailman.

The patches are all available from the Apple Website.

Apple Releases New Batch of Patches, Fixes International Domain Names Phishing Flaw in Safari

 Follow Anne on Twitter

 Twitter Explained in Plain English

 Friend Anne on Facebook

Previous Article « Identity Theft Insurance Now Available
Read Next Article » Utah Gets New Internet Pornography Law

Read more:

»  Two More Windows Patches from Microsoft

»  Has Safari Suddenly Appeared on Your Windows XP or Windows Vista Machine? Surprise!

»  New Critical Internet Explorer (IE) Flaw Involves Msdds.dll

»  New Security Update for Firefox Fixes High Risk Issues

For additional similar stories check out our archives on Security

NOTE: We never, ever, ever will recommend any product or service on this site that we have not regularly used ourselves and do not wholeheartedly believe in. That said, in some cases after being very pleased with a product or service, we may enter into a relationship with the provider of that product or service such that if someone purchases that product or service based on our recommendation, we may get a small payment. Such payments go towards the upkeep of the Internet Patrol.