In association with heise online

13 January 2009, 09:52

Vulnerability in Apple's Safari

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

According to Brian Mastenbrook, who disclosed the existence of the problem in his blog, a flaw in Apple's Safari web browser makes it vulnerable to malicious web sites. The flaw allows files to be read from a users hard drive and Masterbrook believes the flaw exposes sensitive information such as email, passwords and cookies, which could be used to gain access to other web sites.

Masterbrook has previously discovered and reported flaws in Mac OS X, resulting in Apple security updates. The issue is related to Safari's handling of RSS feeds, a feature enabled by default in Mac OS X. Apple has acknowledged the issue, but has not announced when an update will be available. Mac OS X users are recommended to use another application to read RSS by going to Preferences in Safari, selecting the RSS tab and changing the Default RSS reader to another application, such as Apple Mail, which also supports RSS. Safari users on Windows are also affected by the flaw, but Mastenbrook says that the only workaround for them is to use another browser.

See Also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-739639
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit