Secunia has issued an advisory about a URL spoofing flaw they have discovered in Safari, both for Mac OS X and for Windows. As they say, “The problem is that it is possible to hide the actual location of a page in the address bar via a specially crafted URL containing a number of certain special characters in the “user” field before the “@” character.” What this means is that you may go to a web site, via a link, and not be on the correct site; the address may look correct, but may not be, leading you into a phishing net.
The only precaution you can take for now, until Apple fixes this, is to avoid browsing on untrusted websites. If you even visit a website that has a link to, say, PayPal or to your Bank, don’t click that link (unless you trust the originating site), but rather type the URL or use your own bookmark.
