Security Update 2005-003

Includes a Safari/Web Kit update to address the IDN domain-name-spoofing issue. Judging by the description, it’s a good solution: by default, they disallow Roman-look-alike scripts. This allows non-Roman Unicode characters in domain names (say, for Asian languages), but disallows the use of Unicode trickery to use a domain name that looks like, say, “paypal.com”, but which really contains one or more obscure Roman Unicode characters that just happen to look like ‘a’, ‘l’, ‘p’, or ‘y’.

Monday, 21 March 2005