Hijacking Safari 4 Top Sites with Phish Bombs

Once again, outdated browser versions have fallen victim to malicious software and to attackers who are able to take control of a victim’s computer, manipulate his or her browser, and inject unwanted software into the computer through design flaws found in many browsers.

The Safari browser includes the Top Sites interface, which displays the user’s most commonly visited or favorite sites. In Safari versions earlier than 4.0.3, this interface contains flaws.

Injected JavaScript is able to use the browser’s own system for tracking the user’s favored websites to insert whatever websites the person who injected the JavaScript wants to appear there. For users of these Safari versions this is quite a problem, but the phishing issue has been patched in later versions of Safari.
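To find clients that still run an affected release, the following added example (not part of the original article) flags desktop Safari User-Agent strings reporting a version earlier than 4.0.3. It assumes the version is read from the `Version/x.y.z` token; the function names and the sample strings are constructed for illustration.

```javascript
// Added example: flag User-Agent strings from Safari earlier than 4.0.3.
const FIXED = [4, 0, 3]; // first release the article describes as patched

// Return [major, minor, patch] for a desktop Safari User-Agent, else null.
function safariVersion(ua) {
  // Chrome and the Android stock browser also send a "Safari/" token,
  // so they are excluded before the version is read.
  if (!/Safari\//.test(ua) || /Chrome\/|Chromium\/|Android/.test(ua)) return null;
  const m = /Version\/(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(ua);
  if (!m) return null; // no Version/ token: release cannot be determined here
  return [m[1], m[2], m[3]].map((p) => (p === undefined ? 0 : parseInt(p, 10)));
}

// Numeric comparison per component, so 4.0.10 is not treated as < 4.0.3.
function isBefore(v, ref) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== ref[i]) return v[i] < ref[i];
  }
  return false;
}

function needsUpdate(ua) {
  const v = safariVersion(ua);
  return v !== null && isBefore(v, FIXED);
}

function auditUserAgents(uas) {
  return uas.filter(needsUpdate);
}

// Constructed sample User-Agent strings (not taken from real logs).
const SAMPLE_UAS = [
  "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19",
  "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9",
  "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_6; en-us) AppleWebKit/528.16 (KHTML, like Gecko) Version/4.0 Safari/528.16",
  "Mozilla/5.0 (Linux; U; Android 2.2; en-us) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1",
  "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.21 Safari/532.0",
];

for (const ua of auditUserAgents(SAMPLE_UAS)) {
  console.log("update needed:", ua);
}
```

A User-Agent string can be altered by the client, so the result is an inventory hint rather than proof of the installed version.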

The manual solution is to change the Top Sites interface from automatically tracked websites to websites that the user enters manually. The JavaScript can then no longer exploit the automatic tracking system to insert its own websites.

In an effort to maintain a high level of convenience, proclaimed “convenience pioneers” such as Apple and Google have forced various in-software settings upon their users. The automatic Top Sites interface is one of them, but fortunately these companies have not removed the ability to configure the interface ourselves, which lets us give up some automatic convenience in order to better protect our information and property.


