Current Event: Security Vulnerability in Safari RSS

By sojc701 at 11:40 am on January 13, 2009

Open source programmer Brian Mastenbrook reports that he has found a security flaw in Safari RSS feeds. He said that Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. The vulnerability affects both Mac and Windows versions of Safari. It can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites.

Mastenbrook reports that all users of Mac OS X 10.5 Leopard who have not changed their feed reader application preference from the system default are affected, regardless of whether they use any RSS feeds or use a different web browser (such as Firefox). Users of previous versions of Mac OS X are not affected. Users of Safari on Windows are also affected. Users who have Safari for Windows installed but do not use it for browsing are not affected.

Although Apple has acknowledged the vulnerability, it has not made information available on when a fix for this issue will be released.

Therefore, Mastenbrook recommends that users not use Safari as the default RSS reader.

For Mac users:
1. Open Safari and select Preferences… from the Safari menu.
2. Choose the RSS tab from the top of the Preferences window.
3. Click on the Default RSS reader pop-up and select an application other than Safari.

For Windows users: use a different web browser.

For more information, see http://brian.mastenbrook.net/display/27

Filed under: Current Events, Miscellaneous