Vulnerability in Apple's Safari
According to Brian Mastenbrook, who disclosed the problem in his blog, a flaw in Apple's Safari web browser makes it vulnerable to malicious web sites. The flaw allows files to be read from a user's hard drive, and Mastenbrook believes it exposes sensitive information such as email, passwords and cookies, which could be used to gain access to other web sites.
Mastenbrook has previously discovered and reported flaws in Mac OS X, resulting in Apple security updates. The issue is related to Safari's handling of RSS feeds, a feature enabled by default in Mac OS X. Apple has acknowledged the issue, but has not announced when an update will be available. Mac OS X users are advised to use another application to read RSS by going to Preferences in Safari, selecting the RSS tab and changing the Default RSS reader to another application, such as Apple Mail, which also supports RSS. Safari users on Windows are also affected by the flaw, but Mastenbrook says that the only workaround for them is to use another browser.
See Also:
- Disclosure of information vulnerability in Safari, advisory from Brian Mastenbrook
(djwm)