Open Source Software Engineer Reports Vulnerability in Safari RSS Feeds

Choose text size:

January 13th, 2009 at 11:15 AM - News by Chris Barylick

In a post to his blog on Sunday, open source software engineer Brian Mastenbrook stated he's located a vulnerability in the Safari web browser for the Mac OS X and Windows operating systems that could compromise a user's files and passwords if exploited.

"Safari ... is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention," Mastenbrook wrote. "This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites."

Mastenbrook then advises that users change their default RSS reader preference to another feed reader, such as the one embedded in Apple's Mail program or NetNewsWire.

Where Windows users are concerned, Mastenbrook's blog entry suggests that users rely on an alternate web browser until the security hole is patched.

Though not a widely known name outside security circles, Mastenbrook is currently credited with no fewer than four mentions by name in previous security updates and fixes.

2 Observer Comments

Quote Sir Harry Flashman said on January 13th, 2009 at 1:59 PM:

I wonder how soon it will before Apple has a security update for this.

Quote Original Workaround Not Sufficient said on January 14th, 2009 at 1:35 PM:

“The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs. The workaround section of this post has been updated with additional information. I regret that what initially appeared to be a simple workaround is now substantially more complicated and requires the installation of third-party software to perform.”

Page 1 of 1 pages

Commenting is not available in this section entry.

Recent Headlines - Updated July 3rd

Fri, 10:29 AM: News - Apple Warns of Learning Interchange Security Breach
7:30 AM: News - Happy Fourth of July!
Thu, 6:07 PM: TMO Scoop - Psystar Moves to Drop Bankruptcy Ahead of Apple Legal Battle
5:52 PM: In-Depth Review - Trivial Pursuit: A Solid Adaptation of a Classic Board Game
5:37 PM: News - Uncomfirmed Reports Say Apple & Nvidia On The Outs
4:57 PM: News - Microsoft Sick Over Barf Ad
4:09 PM: Product News - KRK Ships R6 Passive Studio Monitor for Recording
3:45 PM: John Martellaro's Blog - Particle Debris (week ending 7/2) Juiced, Joost and Goosed
3:41 PM: iPhone - New iPhone Bootcamp Dates from Big Nerd Ranch Europe
3:12 PM: Product News - ExactScan 2 Pro Released
1:56 PM: Deal Brothers - Apple TV with 160GB Hard Drive: $324.00 Delivered
1:22 PM: Quick Look Review - Wings Earth for iPhone: A Pleasant Flying Experience

The Mac Observer Reader Specials

Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
OWC: Big Drives, High Performance - Not High Prices! SATA 3.5" up to 1.5TB. Notebook up to 500GB. FW up to 6.0TB. 1.0TB Drive Models from as low as $97.99 www.MacSales.com
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
RamJet Memory: MacBook and MacBook Pro 4GB kits for $57.99! Mac Pro 4GB Kits $99.99! iMac and Mac mini 4GB Kits for $57.99! 1TB SATA Hard Drives for $109.99! Click here
For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.

Hot Topics

What's the buzz? These articles have TMO readers talking.

Little Snitch, ZoneAlarm, Outbound Firewalls, Blech! - 17 Comments
Does the New Tech Make Old School Journalism Obsolete? - 16 Comments
What I Don’t Like About iPhone Apps - 12 Comments
Microsoft Promotes IE8 with Barf Ad - 11 Comments
Buyer Beware of iPhone Buying Service: NextWorth - 10 Comments
Psystar Releases New Mac Clone, Preps for Legal Battle - 9 Comments

Top Deals From DealBrothers.com

Recent Features

Get the latest installments of TMO Columns, Podcasts, & Blogs.

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. The Mac Observer is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.