When reports of security issues in Apple’s Safari browser come over the transom, they get our attention. When they’re exploitable in both the Mac and Windows versions of Safari, they get our full and undivided attention. When the person reporting them is Brian Mastenbrook (credited with discovering multiple previous vulnerabilities in Mac OS X)… well, someone shut off that damn horn and let us get back to work. In this case, the issue is that a bug in Safari’s handling of RSS feeds could allow an attacker (via a malicious web page) to obtain a user’s personal information, cookies or even passwords.

While Brian has not posted further details of the vulnerability publicly, he has confirmation from Apple that the issue exists; hopefully we will see an update soon that closes this hole. In the meantime, while Windows Safari users are advised to use a different browser to avoid the vulnerability, Mac users can simply set an alternative RSS feed handler to work around the issue.

To change your feed handler, go to Safari’s Preferences and click the RSS button. If you have any other capable feed reader on your machine, you can select it from the list (if your list looks like mine does in the screenshot, you have a serious problem with RSS reader addiction and you need immediate help). Don’t have another feed reader available? NetNewsWire and NewsFire (and the open-source Vienna, cited repeatedly by our commenters) are free for the downloading, as is the Reader Notifier helper app that interacts with Google Reader — for the purposes of getting around the vulnerability, it doesn’t matter which application you choose as long as you don’t leave it set to the default of having Safari do its own RSS chores. Note that the vulnerability apparently does not require you to open a feed in Safari to be affected — a specially-constructed webpage is capable of triggering it.

Thanks to Brian for the heads up & everyone who sent this in.

"Safari RSS vulnerability might expose your personal data" originally appeared on The Unofficial Apple Weblog (TUAW) on Tue, 13 Jan 2009 00:30:00 EST.
