Apple’s Safari Web browser doesn’t validate the Common Name of an SSL certificate, according to a report on Secunia, an Internet security Web site.
The lack of validation makes it possible to spoof SSL sites, so that you can’t trust the authenticity of an SSL site, according to Secunia. As a result, the site recommends you not use Safari to access SSL sites where you “need to trust the authenticity.”
“SSL serves two main purposes; one is to ensure the authenticity of the server, which you are communicating with, the other is to provide encrypted communication,” Secunia reports. “The authenticity part is completely broken when the Common Name isn’t verified, since the user can’t know if he is communicating with the host in the address bar.”
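The check the report describes as missing, as an added example (not code from Safari or from the Secunia report): once the certificate chain validates, the client compares the host in the address bar with the names the certificate carries. The certificate dicts follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names, hostnames and certificate contents are constructed for illustration.

```python
# Added example: hostname verification against a certificate's names.
# Sample certificates below are constructed, not taken from any real site.

def cert_names(cert):
    """DNS names the certificate claims. Per RFC 6125, subjectAltName dNSName
    entries take precedence; the Common Name is used only when none exist."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match of one certificate name against the host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Wildcard only as the whole left-most label, with at least two
        # further labels, so "*.example" is refused.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    if any("*" in label for label in p_labels):
        return False          # partial or non-left-most wildcards refused
    return p_labels == h_labels

def verify_hostname(cert, host):
    """True only if the host the user asked for is named in the certificate."""
    return any(name_matches(name, host) for name in cert_names(cert))

# Constructed certificates: each could chain to a trusted CA, which is why
# chain validation alone says nothing about which host is answering.
BANK_CERT = {"subject": ((("commonName", "www.bank.example"),),)}
OTHER_SITE_CERT = {"subject": ((("commonName", "www.other.example"),),)}
WILDCARD_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "subjectAltName": (("DNS", "*.shop.example"),),
}

if __name__ == "__main__":
    for cert, host in [(BANK_CERT, "www.bank.example"),
                       (OTHER_SITE_CERT, "www.bank.example"),
                       (WILDCARD_CERT, "pay.shop.example")]:
        verdict = "accept" if verify_hostname(cert, host) else "REJECT"
        print(f"{host:20} vs {cert_names(cert)} -> {verdict}")
```

A client that skips `verify_hostname` accepts the second pairing, a valid certificate issued for a different host, which is the spoofing condition the report describes.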