Apple + Security & Privacy

Critical Safari RSS Vulnerability; And How to Fix It

Posted on January 13th, 2009 by

Brian Mastenbrook has discovered a critical Safari RSS vulnerability. To use his words,

  I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

However, there is a simple way to protect yourself from this vulnerability, until Apple fixes it. In Safari, choose Preferences from the Safari menu. Click the RSS tab, and select a different RSS reader; this could be a program such as NetNewsWire or NewsFire, or it could be Apple's Mail. (Even if you don't have any RSS reader on your Mac, you can choose Mail as the default reader.) Close the preferences and you'll be safe.

Comments are closed.

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}