Apple Safari feed reader flaw could expose private information

By

A researcher has discovered a potentially dangerous, password-stealing vulnerability in Apple's Safari browser, affecting both the Mac and Windows versions of the web browser.

Apple Safari feed reader flaw could expose private information
A researcher has discovered a potentially dangerous, password-stealing vulnerability in Apple's Safari browser, affecting both the Mac and Windows versions of the web browser.

Brian Mastenbrook said on his website that the bug, if exploited, can allow malicious websites to read files sitting on a user's hard drive, without the victim needing to take any action.

"This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords or cookies that could be used to gain access to the user's accounts on some websites," he said, adding that Apple is aware of the bug.

Users of Mac OS X 10.5, code-named Leopard, are affected if they use the default feed reader application preference, regardless if they use a different browser or use RSS feeds at all, Mastenbrook said. Users of Safari for Windows are also impacted, unless they do not use it for browsing.

Mastenbrook said he does not think the vulnerability is publicly known, but users should nonetheless take action to prevent against an exploit.

To protect themselves in advance of a fix from Apple, users should select another feed reader besides the Safari default, he said.

Mastenbrook describes how to select a different feed reader on his site.

An Apple spokeswoman on Tuesday did not respond to a request seeking comment.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

Log In

  |  Forgot your password?