FTP bug sends doc hunters on nasty detours
Jouko Pynnönen, a security chap with Finnish firm Klikki Oy, has found a since patched bug he says could affect a billion Apple iDevices. Pynnönensays the cross-domain vulnerability in Safari's file transfer URL schemes allows attackers to modify website HTTP cookies and have documents loaded from malicious sites. "An attacker could create web content which, when viewed by a target user, bypasses some of the normal cross-domain restrictions to access or modify HTTP cookies belonging to any web...