Security Vulnerability Found in Safari RSS
Open source programmer Brian Mastenbrook has discovered a security flaw in the way that Safari handles RSS feeds. The vulnerability, which affects both Mac and Windows versions of Safari, could allow a malicious website to gain access to sensitive user data.
I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.
Mastenbrook reports that all OS X 10.5 Leopard users, regardless of whether they use Safari or RSS feeds, should protect themselves by choosing an application other than Safari for reading RSS feeds, an option available in the "RSS" tab of Safari's Preferences. Safari for Windows users should utilize a different browser until Apple issues a patch. Mastenbrook, who has received credit from Apple for reporting a number of security issues over the past year, says that Apple has not given a timeframe for a fix.
Popular Stories
Apple has announced that iOS 18.2, iPadOS 18.2, and macOS Sequoia 15.2 will be released today following more than six weeks of beta testing.
For the iPhone 15 Pro and iPhone 16 models, the update introduces additional Apple Intelligence features, including Genmoji for creating custom emoji, Image Playground and Image Wand for generating images, and ChatGPT integration for Siri. There is also ...
Next year's iPhone 17 Pro models will reportedly feature a major redesign, specifically centering around changes to the rear camera module, and now new supply chain information appears to confirm the striking change, according to a Chinese leaker.
iPhone 17 Pro concept render
Late last month, The Information's Wayne Ma claimed that the rear of the iPhone 17 Pro and iPhone 17 Pro...
Developers now have access to cloud-based M4 and M4 Pro Mac mini units via MacWeb, a Silicon Valley-based provider of cloud services.
The company has launched three configurations of the new Mac mini, powered by Apple's M4 and M4 Pro chips. Developers and IT teams can rent these machines for tasks ranging from basic development to advanced artificial intelligence modeling, providing an...
Wednesday December 11, 2024 10:02 am PST by
Juli CloverApple today released macOS Sequoia 15.2, the second update to the macOS Sequoia operating system that was released in September. macOS Sequoia 15.2 comes over a month after the release of macOS Sequoia 15.1.
Mac users can download the macOS Sequoia update through the Software Update section of System Settings.
macOS Sequoia 15.2 adds Image Playground, an app that lets you create...
Apple plans to refresh both the Apple TV and the HomePod mini in 2025 as part of a major push into refreshing its smart home product offerings, reports Bloomberg's Mark Gurman.
In a report on an upcoming Apple-designed Bluetooth and Wi-Fi chip, Gurman says that the chip will be introduced in a new Apple TV and HomePod mini that are "scheduled" for 2025. While there is no exact timeline...
Wednesday December 11, 2024 10:54 am PST by
Juli CloverApple today made a mistake with its macOS Sequoia 15.2 update, releasing the software for two Macs that have yet to be launched. There is a software file for "Mac16,12" and "Mac16,13," which are upcoming MacBook Air models.
The leaked software references the "MacBook Air (13-inch, M4, 2025)" and the "MacBook Air (15-inch, M4, 2025)," confirming that new M4 MacBook Air models are in...
Wednesday December 11, 2024 10:03 am PST by
Juli CloverApple today released iOS 18.2 and iPadOS 18.2, the second major updates to the iOS 18 and iPadOS 18 updates that came out in September. The new updates come over a month after Apple released iOS 18.1 and iPadOS 18.1.
Subscribe to the MacRumors YouTube channel for more videos.
The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General >...