Apple has released nine new patches today, designed to repair several flaws in the standard OS X operating system and programs. One of the most critical of these is the flaw which allows phishers to take advantage of browsers which support the International Domain Name (IDN) standard. Safari is one such browser, and as such users running Safari were vulnerable to the phishing attacks which take advantage of the flaw. Other browsers susceptible to the IDN spoof include Firefox, Mozilla, and Opera.
The IDN spoof works by taking advantage of the fact that these browsers will render certain non-traditional characters in an international domain name as more commonly recognized Latin characters. Thus, for example, a phisher could register “àmazon.com”, but in one of the affected browsers it would appear as “amazon.com”, and thus be trusted by the user. (For those of you whose browsers did not render the first “àmazon.com” correctly, there is an accent over the first “a”, and well, now you see the problem.)
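A defensive check for the accented-letter lookalike described above, written for this page as an added example (it is not Apple's fix or any browser's code). The watchlist and the function names are assumptions made for the illustration, and the sample hostnames are constructed.

```python
import unicodedata

# Constructed watchlist of domains to protect (assumption for this example).
PROTECTED = {"amazon.com", "paypal.com"}


def to_ace(host):
    """Return the ASCII 'xn--' (Punycode) form that is actually looked up in DNS."""
    return host.encode("idna").decode("ascii")


def skeleton(host):
    """Fold accented letters to their base letter: NFKD, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def check_host(host):
    """Classify a hostname as 'ascii', 'idn' or 'lookalike:<protected domain>'."""
    host = host.strip().rstrip(".").lower()
    if host.isascii():
        if not any(label.startswith("xn--") for label in host.split(".")):
            return "ascii"
        # Decode Punycode labels so the comparison sees the Unicode form.
        host = host.encode("ascii").decode("idna")
    folded = skeleton(host)
    if folded != host:
        for domain in sorted(PROTECTED):
            # Match the protected domain itself or any subdomain of it.
            if folded == domain or folded.endswith("." + domain):
                return "lookalike:" + domain
    return "idn"


if __name__ == "__main__":
    # Constructed sample hostnames; \u00e0 is "a" with a grave accent.
    for sample in ["amazon.com", "\u00e0mazon.com", "www.\u00e0mazon.com",
                   to_ace("\u00e0mazon.com"), "m\u00fcnchen.de"]:
        print(f"{to_ace(sample):28} {check_host(sample)}")
```

Accent folding only catches lookalikes built from accented Latin letters, as in the example above; letters borrowed from another script do not decompose to a Latin letter and need a confusables table instead.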
In addition to the patch for Safari, Apple released two different patches for AFP Server, a patch for Bluetooth Setup Assistant, one for Core Foundation, one each for Cyrus IMAP and SASL, one for Folder permissions, and one for Mailman.
The patches are all available from the [Page no longer available – we have linked to the archive.org version instead].