Apple Safari feed reader flaw could expose private information

By on
Apple Safari feed reader flaw could expose private information

A researcher has discovered a potentially dangerous, password-stealing vulnerability in Apple's Safari browser, affecting both the Mac and Windows versions of the web browser.

A researcher has discovered a potentially dangerous, password-stealing vulnerability in Apple's Safari browser, affecting both the Mac and Windows versions of the web browser.

Brian Mastenbrook said on his website that the bug, if exploited, can allow malicious websites to read files sitting on a user's hard drive, without the victim needing to take any action.

"This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords or cookies that could be used to gain access to the user's accounts on some websites," he said, adding that Apple is aware of the bug.

Users of Mac OS X 10.5, code-named Leopard, are affected if they use the default feed reader application preference, regardless if they use a different browser or use RSS feeds at all, Mastenbrook said. Users of Safari for Windows are also impacted, unless they do not use it for browsing.

Mastenbrook said he does not think the vulnerability is publicly known, but users should nonetheless take action to prevent against an exploit.

To protect themselves in advance of a fix from Apple, users should select another feed reader besides the Safari default, he said.

Mastenbrook describes how to select a different feed reader on his site.

An Apple spokeswoman on Tuesday did not respond to a request seeking comment.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
applefeedflawinformationprivatereadersafarisecurity

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform
Telstra to open its 5G network to wholesale customers

Telstra to open its 5G network to wholesale customers
Macquarie Bank creates a broker portal on Salesforce

Macquarie Bank creates a broker portal on Salesforce
Active Directory defaults lead to no-fix PrivEsc vulnerability

Active Directory defaults lead to no-fix PrivEsc vulnerability

Digital Nation

Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer

Log In

  |  Forgot your password?