Yes, Apple users, it is a sad truth, but you have security flaws too. The Danish security firm Secunia has discovered a vulnerability in the Safari web browser that it has labeled “highly critical”, the most serious security rating the firm can give. The flaw has been confirmed by the United States Computer Emergency Readiness Team, a Department of Homeland Security, and an advisory has been issued.
So far the bug is specifically targeting Windows operating systems, but Apple’s OS may also be affected. The flaw allows hackers to access key information when the user opens webmail services like Gmail, Hotmail, or Yahoo. The hacker can then log user data including passwords and even credit card information. The warning also claims that specially crafted websites can grant hackers access, as can closing specific pop ups.
The issue is specifically related to a badly coded section in Safari. Apple has met the security flaw with the same forthcoming attitude and tenacity that they meet all security flaws – in other words they have remained silent on the subject and refuse to comment. No patch has been released, and it is anyone’s guess when or if there will be one. Until there is, Secunia recommends that you “Do not visit untrusted web sites or follow links from untrusted sources. Do not authenticate to sites that use HTTP basic authentication and use redirections to different domains.”
The Safari browser has been plagued with security issues since its release, and Apple has faced criticism for releasing patches without announcing the security flaw that the patch is for. In March, Apple released 16 patches for Safari, including 10 that specifically affected Mac OS X.