News
Contributed by: Lauren Gerber
Date: August 14, 2009
Which web browser are you currently using? If you randomly selected five people in any shopping center worldwide and asked them which browser they use, it is quite possible that the answers would not all be the same. Each browser has its own advantages and disadvantages, and the choice also depends on personal preference. Have you ever tried Apple Safari? And if you did, how did you find it? Some people really enjoy Apple Safari and use it as their browser of choice.

Unfortunately, a vulnerability has hit Apple Safari that relates to Safari's top website promotion feature. Let me go into more detail so that you gain a better understanding. Safari 4 introduced a Top Sites feature that gives its users an at-a-glance view of their favorite web sites. It is one of its more popular features, letting users land on their chosen websites quickly and easily. The affected platforms include Windows Vista and Windows XP. Some of the files of Windows XP include: acspecfc.dll, apmbatt.sys, comrepl.exe as well as compstui.dll.

The fundamental problem with this vulnerability is that manipulated websites are able to put arbitrary sites into your Top Sites view through automated actions. This gives malicious attackers the ability to perform phishing attacks. If online attackers manage to successfully exploit this vulnerability, it will lead to a high risk of other types of online attacks.
Table 1. The affected platforms.

You may, at this point, be curious as to which versions of Apple Safari are vulnerable. The vulnerable versions are those prior to version 4.0.3.

No, I am not psychic, but I am sure you are now wondering what the solution to this vulnerability is. Firstly, this vulnerability can be dealt with by preventing all automated visits to websites from affecting the Top Sites list. It is vital that only websites that are manually entered into the URL address bar be considered for the Top Sites view.

There are also updates, which were made available within a decent time period from when this vulnerability was discovered. So the next part of the solution is for all users to upgrade to the latest version of the Apple Safari browser, which is version 4.0.3. If you are wondering where to find the updates, you do not need to wonder anymore, for I will tell you. The Apple security updates are available to the general public from the Software Update mechanism on the Apple web site. Alternatively, you can download the Apple security updates manually from the Apple support/downloads section of the Apple web page. If you take the necessary steps, an online attacker will not be able to target you in this way, because the problem will hopefully be gone.
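To make the fix described above concrete, here is an added example (not Safari's code and not part of the original article) that models a Top Sites style ranking under two policies: counting every visit, and counting only address-bar entries. The visit log, the host names, the `source` field and all function names are constructed assumptions for illustration.

```javascript
// Constructed visit log. `source` is a hypothetical field recording how each
// navigation started: "typed" in the address bar, or "script" / "redirect".
const visits = [
  { host: "bank.example", source: "typed" },
  { host: "bank.example", source: "typed" },
  { host: "mail.example", source: "typed" },
  // Twenty page loads triggered automatically by a manipulated page.
  ...Array.from({ length: 20 }, () => ({ host: "lookalike.example", source: "script" })),
  { host: "news.example", source: "redirect" },
];

// Rank hosts by visit count; `accept` decides which visits count at all.
function topSites(log, accept, limit = 3) {
  const counts = new Map();
  for (const v of log) {
    if (!accept(v)) continue;
    counts.set(v.host, (counts.get(v.host) || 0) + 1);
  }
  return [...counts.entries()]
    .sort((a, b) => b[1] - a[1] || a[0].localeCompare(b[0])) // count, then name
    .slice(0, limit)
    .map(([host]) => host);
}

// Weak policy: every navigation counts, so automated loads can promote a site.
const countEverything = () => true;
// Policy from the article: only manually entered URLs are eligible.
const typedOnly = (v) => v.source === "typed";

// Audit helper: hosts that appear in the list only because of automated visits.
function promotedByAutomation(log) {
  const strict = new Set(topSites(log, typedOnly));
  return topSites(log, countEverything).filter((h) => !strict.has(h));
}

console.log("all visits :", topSites(visits, countEverything));
console.log("typed only :", topSites(visits, typedOnly));
console.log("suspicious :", promotedByAutomation(visits));
```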



User Comments
Laura
Do you know how to completely disable the unnecessarily intrusive, security-flawed top sites? I want to remove it COMPLETELY.
Hope you can help me - and from my recent surfing, a lot of other folks besides!
Albie