Showing posts from September, 2015

Apple Safari URI spoofing (CVE-2015-5764)

tl;dr Apple Safari for OS X was prone to a URI spoofing vulnerability (and, more generally, user interface spoofing). Apple released security updates for Safari 9 on OS X and assigned CVE-2015-5764. Accidentally this vulnerability was also present in iOS.

Instant demo

In Safari up to 8.0.8:
1. go to https://asanso.github.io/CVE-2015-5764/file0.html
2. click "click me!"
3. notice the address bar being "data:text/html,%3CH1%3EHi!!%3C/H1%3E"
4. go back using the browser button
5. click "click me!"
6. notice the address bar being http://www.intothesymmetry.com/CVE-2015-5764/file0.php !!!!
Well, this looks like a clear caching problem to me, right :) ?

The Introduction (Oldie but goldie)

Several months ago (almost a year!!) I was reading the great book written by lcamtuf (aka Michal Zalewski) named The Tangled Web. I know, I know, I was a bit late for the party :)
That said, this book contained a really interesting chapter (for the record, Chapter 10) that is dedicated almost entirely to pse…

New OAuth book: OAuth 2 in Action

Justin Richer and I have been writing a book about OAuth.



It gives a deep look at the OAuth 2.0 protocol, including hands-on examples and practical implementation vulnerabilities to avoid. You can preorder the book today, or you can download the first chapter for free on the publisher’s website:

https://www.manning.com/books/oauth-2-in-action

Happy reading!!

p.s. for the next few days, you can order it at half-off with the code mloauth2