Apple has released a security update to Mac OS X Panther that patches a vulnerability in the Safari browser.
Security Update 2005-003 includes the following components: AFP Server; Bluetooth Setup Assistant; CoreFoundation; Cyrus SASL; Folder permissions; Safari and Samba; but most importantly, it includes a script for preventing phishers from fooling users of its Safari browser.
The loophole, which is not specific to Safari, could allow an attacker to use certain characters from different languages to create legitimate-looking Web addresses that actually send victims to malicious Web sites, reports ZDNet.
Apple explained: "For example, the Cyrillic letter 'a' could be used in place of the Latin letter 'a', making it difficult for a user to tell if they are at www.apple.com or a malicious imposter website that's designed to look like the real one. These sites can be used to collect account numbers, passwords and other personal information."
The client version of the update is 15MB and the server version is 32MB.