updated 10:10 am EST, Tue January 13, 2009
Safari RSS vulnerability
A vulnerability in both the Mac and Windows versions of Safari may present serious privacy concerns, says coder Brian Mastenbrook. The problem, said to have been confirmed by Apple, is specifically related to the application's built-in RSS reader, which may be exploitable to read the contents of a person's hard drive. The exploit is triggerable by visiting a malicious website, and could in theory allow access to items like e-mail and passwords.
The only Macs vulnerable are said to be those using Mac OS X Leopard, but the threat must then be averted by picking a new RSS reader from Safari's Preferences menu; simply avoiding Safari or even RSS feeds may not provide security. Windows users can simply turn to an alternate browser, such as Opera or Firefox.
Apple is said to have provided no information so far on when patches for the problem might be released.