
Safari RSS Security Vulnerability Comes to Light



If you have Safari, on either Windows or OS X, you could be open to malicious attacks in which attackers gain unauthorized access to files on your hard drive.

That’s according to a new tech note from developer Brian Mastenbrook, who has taken matters into his own hands while we wait for an official fix from Apple. And good thing, too, since this vulnerability is apparently nothing to sneeze at, as attackers can easily get their hands on sensitive information stored in cookies, emails, etc.

Even if you don’t use Safari as your primary browser, you could still be at risk if you haven’t selected a different default feed reading application. That means you, OS X users. If you’re a Windows user and you don’t use Safari as your default browser, you should be in the clear.

Here’s the fix for OS X users:

  1. Open Safari and select Preferences… from the Safari menu.
  2. Choose the RSS tab from the top of the Preferences window.
  3. Click on the Default RSS reader pop-up and select an application other than Safari.

There’s currently no indication of when Apple will issue a fix, but they are aware of the problem, so keep an eye out for a Software Update coming soon.

3 Responses to “Safari RSS Security Vulnerability Comes to Light”

  1. Good job I came across this post. Have a Mac that I use when I’m travelling and was pretty confident about its security features in Safari when I’m looking over the internet and checking my email.

    Looked at the information to the ‘quick fix’ as you’ve suggested and, for a non computer literate (well, ok I suppose but not great), looks as though it shouldn’t be too complicated to implement even for me.

    So, thank you for the information, hopefully shouldn’t have anything bad happen in the future as the laptop I have is vital when I go travelling.