Safari Cookies Workaround?

Posted:
in Mac Software edited January 2014
Any ideas (besides switching browsers) how to work around the problem in Safari until a fix by Apple?



Ref:



Safari Cookies Problem

Comments

  • Reply 1 of 9
    shetline Posts: 4,695 member
    Quote:

    Originally posted by mcsjgs

    Safari Cookies Problem



    It looks like today's security update, which according to BNOYHTUAWB's posted BOM modified something in Safari, didn't fix this cookie vulnerability. And that's some vulnerability! I hope Apple gets on it fast.
  • Reply 2 of 9
    Quote:

    Originally posted by mcsjgs

    Any ideas (besides switching browsers) how to work around the problem in Safari until a fix by Apple?



    Ref:



    Safari Cookies Problem




    Either turn off cookies entirely or use another browser. Maybe turning on "only from sites you navigate to" in the security pane of the Safari prefs.
  • Reply 3 of 9
    A real pain this. Delete all cookies, clean caches, delete history, switch browsers. Dump cookies after every session, clean caches again. Jeez, one of the users on this machine shops a lot online, and is really sweating this one. How can this possibly have gotten past QC? Unbelievable.
  • Reply 4 of 9
    Moving to Software.
  • Reply 5 of 9
    Quote:

    Originally posted by mcsjgs

    A real pain this. Delete all cookies, clean caches, delete history, switch browsers. Dump cookies after every session, clean caches again. Jeez, one of the users on this machine shops a lot online, and is really sweating this one. How can this possibly have gotten past QC? Unbelievable.



    You're right, it's a terrible flaw. If this person is shopping at reputable stores with relatively secure websites, however, I don't think there's a whole lot of danger. Cookies rarely store sensitive information like credit or account numbers. Passwords are stored from time to time, but they are often encrypted. The worst I could see happening is that your cookies get read and your browsing habits are known.



    BUT, and this is a big but, I have a hard time seeing how this would really be a problem for anyone. Why? Well, that site you linked to showed that my cookies could be read, but only AFTER I typed the domain it should fake. Without that information, it couldn't get the information.



    In other words, it can only read your cookies after it knows what to look for. This is a slight problem because it could just do the major ones like amazon.com or something, but those are the aforementioned good websites that don't do stupid stuff with cookies. Don't panic. It will be fixed in short order, I'm sure.
  • Reply 6 of 9
    Quote:

    Originally posted by pensieve

    Maybe turning on "only from sites you navigate to" in the security pane of the Safari prefs.



    Unfortunately, this doesn't help.
  • Reply 7 of 9
    Quote:

    Originally posted by Brad

    Unfortunately, this doesn't help.



    I didn't think it would. Any thoughts about my musings up above, though?
  • Reply 8 of 9
    By turning off cookies you will defeat this exploit, and also defeat the purpose of cookies.



    Minor note, OmniWeb is not vulnerable.
  • Reply 9 of 9
    mcsjgs Posts: 244 member
    Macintouch.com is reporting a fix for the cookies stealing problem with a program written by hetima.com. See here for more details:



    Hetima Cookies Stealing Patch



    It is a patch for Safari so use at your own risk. It does appear to stop the problem.



    For more information go here:



    Bugtraq Description of Problem, Solution



    and here for test:



    http://insecure.ws/