Safari RSS vulnerability affects Mac, Windows users

View this article at: http://www.macnn.com/articles/09/01/13/safari.rss.vulnerability/

Tuesday, Jan 13, 2009 10:10am

Safari RSS vulnerability affects Mac, Windows users

A vulnerability in both the Mac and Windows versions of Safari may present serious privacy concerns, says coder Brian Mastenbrook. The problem, said to have been confirmed by Apple, is specifically related to the application's built-in RSS reader, which may be exploitable to read the contents of a person's hard drive. The exploit is triggerable by visiting a malicious website, and could in theory allow access to items like e-mail and passwords.

The only Macs vulnerable are said to be those using Mac OS X Leopard, but the threat must then be averted by picking a new RSS reader from Safari's Preferences menu; simply avoiding Safari or even RSS feeds may not provide security. Windows users can simply turn to an alternate browser, such as Opera or Firefox.

Apple is said to have provided no information so far on when patches for the problem might be released.