Tuesday, January 13, 2009, 06:00 am PT (09:00 am ET)
Security flaw in Safari's RSS feeds reportedAn open source software engineer says he's found a vulnerability in Safari for Mac and Windows that could compromise a user's files and passwords if successfully exploited.
Brian Mastenbrook didn't get specific in a blog entry posted Sunday, but he did claim his discovery has already been acknowledged by Apple. All users of Mac OS X 10.5 Leopard are affected, whether they use RSS feeds or not, as long as they have not changed their preference from the default, as seen below.
"Safari ... is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention," Mastenbrook wrote. "This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites."
According to Mastenbrook, Mac OS X Leopard users should change their Default RSS reader preference to another feed reader. Possible solutions include Mail and NetNewsWire.
Safari for Windows users should use a different web browser until the security hole is patched, he said.
Mastenbrook has a credible reputation for bug reporting, with no fewer than four mentions, by name, in previous Apple release notes.
On Topic: Software
- Microsoft to release free version of OneNote for Mac later this month - report
- Apple updates Final Cut Pro with Mac Pro optimizations
- Adobe releases Lightroom 5.3 with holiday discount, updates Camera Raw 8.3
- New Adobe Lightroom and Camera Raw release candidates fix bugs, add camera support
- Review: 1Password 4 for Mac makes managing all your passwords easy and secure