Open Source Software Engineer Reports Vulnerability in Safari RSS Feeds
January 13th, 2009 at 11:15 AM - News by Chris Barylick
In a post to his blog on Sunday, open source software engineer Brian Mastenbrook stated he's located a vulnerability in the Safari web browser for the Mac OS X and Windows operating systems that could compromise a user's files and passwords if exploited.
"Safari ... is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention," Mastenbrook wrote. "This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites."
Mastenbrook then advises that users change their default RSS reader preference to another feed reader, such as the one embedded in Apple's Mail program or NetNewsWire.
Where Windows users are concerned, Mastenbrook's blog entry suggests that users rely on an alternate web browser until the security hole is patched.
Though not a widely known name outside security circles, Mastenbrook is currently credited with no fewer than four mentions by name in previous security updates and fixes.
2 Observer Comments
I wonder how soon it will be before Apple has a security update for this.
“The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs. The workaround section of this post has been updated with additional information. I regret that what initially appeared to be a simple workaround is now substantially more complicated and requires the installation of third-party software to perform.”