Well, this one is an interesting issue I found while evaluating Safari 4 Beta (v528.16). This is not your usual XSS or CSRF bug which requires a site vulnerability, but a persistent browser backdoor that impacts all Safari 4 users using versions 4.0.2 and below. I was pretty amazed at some of the new features offered by the latest version of Apple’s browser, especially the hyped Top Sites and Cover Flow
Once the attack completes execution, the small window gets closed and the next time you use Safari Top Sites, it will be have the attacker’s defined sites replace your existing legitimate sites. To make this decision of which sites to replace with, an attacker can first use the CSS History Hack found by Jeremiah Grossman and then accordingly set fake sites relative to those user’s visited websites. Hence, this could easily facilitate a serious phishing attack. The situation is worsened by the Safari’s inadequate protection against URL obfuscation attacks as highlighted in , which makes it almost impossible for a regular user to spot the fake site and differentiate it from a legitimate one.
For more info and POC check SecureThoughts