
Security Vulnerability Found in Safari RSS

Open source programmer Brian Mastenbrook has discovered a security flaw in the way that Safari handles RSS feeds. The vulnerability, which affects both Mac and Windows versions of Safari, could allow a malicious website to gain access to sensitive user data.

I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

Mastenbrook reports that all OS X 10.5 Leopard users, regardless of whether they use Safari or RSS feeds, should protect themselves by choosing an application other than Safari for reading RSS feeds, an option available in the "RSS" tab of Safari's Preferences. Safari for Windows users should utilize a different browser until Apple issues a patch. Mastenbrook, who has received credit from Apple for reporting a number of security issues over the past year, says that Apple has not given a timeframe for a fix.

Top Rated Comments


40 months ago
Here's my opinion: We'll be getting a Safari update soon! Yay!
Rating: 0 Positives / 0 Negatives
40 months ago
Good thing I don't use Safari to handle my RSS feeds.
Rating: 0 Positives / 0 Negatives
40 months ago
The temp fix is very easy. Everyone should do so now:


1. Open Safari and select Preferences... from the Safari menu.
2. Choose the RSS tab from the top of the Preferences window.
3. Click on the Default RSS reader pop-up and select an application other than Safari.

Rating: 0 Positives / 0 Negatives
40 months ago
Scary. It's amazing what people can do today. Everything was so simple before the internet :P
Rating: 0 Positives / 0 Negatives
40 months ago
I hope people start realizing that Safari isn't, as Apple puts it, "the world's best browser".......
Rating: 0 Positives / 0 Negatives
40 months ago
So ... who makes the best RSS reader?
Rating: 0 Positives / 0 Negatives
40 months ago
If this doesn't affect Mail, you can switch to that as your RSS reader. I've been using Mail as my RSS reader since Leopard came out. Works better than Safari did.
Rating: 0 Positives / 0 Negatives
40 months ago

So ... who makes the best RSS reader?


google?
Rating: 0 Positives / 0 Negatives
40 months ago
I don't use RSS, but for those who do this looks like something serious as they can access your hard drive just like that. Remember this is for both Windows and Mac Safari users :(
Rating: 0 Positives / 0 Negatives
