41
vote
Gareth showed me a rather nice proof of concept of a serious hole in Apple Safari. If you see the exploit you'll probably notice that this is classic Javascript frame hijacking, and normally used for spoofing websites. What struck me most is that these kind of exploits are very well known, if you are into browser security this stuff is essential meat, because it could give you access to the remote pages Javascript. And in this example it really does. So, it actually breaks the same origin policy in Safari.
Bookmark/Search this post with:
Trackback URL for this post:
http://www.secgeeks.com/trackback/919
