When Apple pushed out its most recent round of patches last week, it fixed a cookie vulnerability that existed in all versions of Safari, including those that run on iOS, OS X, and Windows. According to the researchers who dug it up, the number of affected devices may total one billion.
The issue – present in WebKit – is technically a cross-domain vulnerability, meaning that an attacker could rig web content to bypass some of the normal cross-domain restrictions when a user views it. The attacker could then use that access to modify HTTP cookies on a website.