Apple Acknowledges Fairly Serious Safari RSS Vulnerability

Apple has acknowledged a moderately frightening Safari RSS vulnerability that leaves the browser open to attack without user intervention.

Brian Mastenbrook, a computer scientist using Apple’s Safari browser, discovered the bug and reported it to Apple.

“I have discovered that Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. This can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites. The vulnerability has been acknowledged by Apple,” Mastenbrook explains. “All users of Mac OS X 10.5 Leopard who have not changed their feed reader application preference from the system default are affected, regardless of whether they use RSS feeds or use a different web browser (such as Firefox).”

The vulnerability can give malicious users access to most information that is stored within browser cookies such as e-mails, passwords, visited websites, and so forth. As Ars Technica notes, this vulnerability affects any Mac OS X user who has Safari set as the default RSS feed reader. Even if you don’t regularly read RSS feeds through Safari, it may still be selected as the reader in Safari’s preferences, so be sure to check.

As for a specific exploit in the wild, Mastenbrook explains that he hasn’t found or heard of one yet. However, as Ars points out, someone with enough free time and creativity may feel inclined to make that happen. Luckily, a person like Mastenbrook found this exploit instead of someone on the other side of internet security. As expected, he’s not revealing the exploit details, as he has reported the bug to Apple and will most likely communicate with them to patch things up.

For now, the workaround is simple. If you haven’t already, follow these steps:

1. Open Safari and select Preferences… from the Safari menu.
2. Choose the RSS tab from the top of the Preferences window.
3. Click on the Default RSS reader pop-up and select an application other than Safari.
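
To confirm the workaround on several accounts without opening Safari on each, the same preference can be read from a copy of the user's LaunchServices preferences. This is an added example, not part of the original post and not Apple's code; it assumes the choice is stored as a `feed` entry under `LSHandlers` in `~/Library/Preferences/com.apple.LaunchServices.plist` and that Safari's bundle identifier is `com.apple.Safari`. The sample data and the `com.example.feedreader` identifier are constructed.

```python
import plistlib

SAFARI_BUNDLE_ID = "com.apple.safari"  # assumption; compared case-insensitively


def _sample(handlers):
    """Build a constructed LaunchServices preferences file as plist bytes."""
    return plistlib.dumps({"LSHandlers": handlers})


# Constructed samples (not taken from a real machine).
# 1. Workaround applied: feed: URLs go to a hypothetical third-party reader.
SAMPLE_CHANGED = _sample([
    {"LSHandlerURLScheme": "http", "LSHandlerRoleAll": "org.mozilla.firefox"},
    {"LSHandlerURLScheme": "feed", "LSHandlerRoleAll": "com.example.feedreader"},
])
# 2. Firefox is the browser, but the feed reader was never changed.
SAMPLE_UNSET = _sample([
    {"LSHandlerURLScheme": "http", "LSHandlerRoleAll": "org.mozilla.firefox"},
])
# 3. Safari explicitly selected as the feed reader.
SAMPLE_SAFARI = _sample([
    {"LSHandlerURLScheme": "feed", "LSHandlerRoleAll": "com.apple.Safari"},
])


def feed_handler(plist_bytes):
    """Return the bundle id registered for feed: URLs, or None if unset."""
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    for entry in prefs.get("LSHandlers", []):
        if str(entry.get("LSHandlerURLScheme", "")).lower() == "feed":
            return entry.get("LSHandlerRoleAll") or entry.get("LSHandlerRoleViewer")
    return None


def still_on_default(plist_bytes):
    """True when the workaround has NOT been applied for this account.

    A missing entry counts as the system default, which the post says is the
    affected configuration even for people who browse with Firefox.
    """
    handler = feed_handler(plist_bytes)
    return handler is None or handler.lower() == SAFARI_BUNDLE_ID


if __name__ == "__main__":
    for name, data in [("changed", SAMPLE_CHANGED), ("unset", SAMPLE_UNSET),
                       ("safari", SAMPLE_SAFARI)]:
        state = "needs workaround" if still_on_default(data) else "ok"
        print(f"{name}: feed handler={feed_handler(data)!r} -> {state}")
```
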
