Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today
Read more

Blog de Zscaler

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Suscríbase
Investigación de seguridad

Apple Patches Persistent Cookie Vulnerability Discovered by Zscaler

image
ABHINAV BANSAL
julio 18, 2016 - 2 Min de lectura
Información de seguridad

Contenido

  1. Article
  2. Más blogs

 

Cookies are a fundamental part of our everyday web access.  We take them for granted and freely give websites access to relevant “cookies” in our browsers because they dramatically enhance our user experience. Cookies are considered “persistent” if they last beyond a single browser session. Persistent cookies remain in your browser until you explicitly erase them or your browser deletes them after a given duration (set by the site using the cookie).

Typical examples of websites that use persistent cookies are your favorite webmail sites like Gmail and Yahoo!. They use use persistent cookies to remember you, so you don’t have to log in every time you go to get your email.

Description of Vulnerability in Apple OSX and its Potential Impact

Zscaler discovered a vulnerability in Apple’s recent OS X version (El Capitan), which enabled applications that did not have the appropriate privileges to access cookies stored in the Safari browser. This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user. In the case of email (like those of the sites mentioned above), it could result in a malicious application getting access to all your email.  Worse, it could gain access to a site that stores more personal and confidential information about you.

Apple Releases Patch to Fix Vulnerability

Today, Apple released a new update to El Capitan v10.11.6 with Security Update 2016-004 that addresses this vulnerability.  More details of the release are here.

Additional Information on Persistent Cookies

The use of persistent cookies is growing steadily.  As of July 2016, 23.6 percent of all websites use persistent cookies. While 38.6 percent of these sites use cookies that expire in hours, more than 60 percent of sites use cookies that expire in days or months.

 

Some popular sites using persistent cookies include the following:

More information on websites using persistent cookies can be found at w3techs.com.

Stay up to date on the latest threats and trends by reading posts from the Zscaler Research Team’s blog.

form submtited
Gracias por leer

¿Este post ha sido útil?

vote yes
Sí, ¡Muy útil!
vote no
La verdad, no

Explorar más blogs de Zscaler

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Leer el blog
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Leer el blog
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Leer el blog
TOITOIN Trojan
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Leer el blog
01 / 02
dots pattern

Reciba en su bandeja de entrada las últimas actualizaciones del blog de Zscaler

Al enviar el formulario, acepta nuestra política de privacidad.