Safari RSS Security Vulnerability Comes to Light


If you have Safari, on either Windows or OS X, you could be open to malicious attacks whereby users can gain unauthorized access to files on your hard drive.

That’s according to a new tech note from developer Brian Mastenbrook, who has taken matters into his own hands while we wait for an official fix from Apple. And good thing, too, since this vulnerability is apparently nothing to sneeze at, as attackers can easily get their hands on sensitive information stored in cookies, emails, etc.

Even if you don’t use Safari as your primary browser, you could still be at risk, if you haven’t selected¬† a different default feed reading application. That means you, OS X users. If you’re a Windows user and you don’t use Safari as your default browser, you should be in the clear.

Here’s the fix for OS X users:

  1. Open Safari and select Preferences… from the Safari menu.
  2. Choose the RSS tab from the top of the Preferences window.
  3. Click on the Default RSS reader pop-up and select an application other than Safari.

There’s currently no indication of when Apple will issue a fix, but they are aware of the problem, so keep an out for a Software Update coming soon.

You're subscribed! If you like, you can update your settings


Comments have been disabled for this post