14 January 2009 @ 7:41
Safari RSS Vulnerability
Brian Mastenbrook has discovered a vulnerability in Apple’s Safari browser that could allow remote sites to read files from a user’s hard drive without user intervention. The vulnerability is in the way Safari handles RSS requests. OmniWeb is also affected. Users may also be affected by this vulnerability if a malicious link is opened in their email client or instant messenger.
To work around this issue until a fix is released by Apple, users should perform the following steps:
1. Download and install the RCDefaultApp preference pane, following the included instructions.
2. Open System Preferences and choose the Default Applications option.
3. Select the “URLs” tab in the window that appears.
4. Choose the “feed” URL type from the column on the left, and choose a different application or the “<disabled>” option.
5. Repeat the previous step for the “feeds” and “feedsearch” URL types.
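To confirm the steps above took effect, the handler assignments can be audited. The following is an added example, not code from the original post or from RCDefaultApp. It assumes the per-user assignments live in an `LSHandlers` array (keys `LSHandlerURLScheme` and `LSHandlerRoleAll`) in `~/Library/Preferences/com.apple.LaunchServices.plist`, and that Safari's bundle identifier is `com.apple.safari`; the sample plist and `org.example.reader` are constructed.

```python
import plistlib

# URL schemes the workaround above reassigns.
FEED_SCHEMES = ("feed", "feeds", "feedsearch")
# Assumption: Safari's bundle identifier; pass other affected browsers as needed.
AFFECTED = {"com.apple.safari"}

# Constructed sample of a LaunchServices preferences file (not real user data).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>LSHandlers</key><array>
  <dict><key>LSHandlerURLScheme</key><string>feed</string>
        <key>LSHandlerRoleAll</key><string>com.apple.safari</string></dict>
  <dict><key>LSHandlerURLScheme</key><string>feeds</string>
        <key>LSHandlerRoleAll</key><string>org.example.reader</string></dict>
  <dict><key>LSHandlerURLScheme</key><string>http</string>
        <key>LSHandlerRoleAll</key><string>com.apple.safari</string></dict>
</array></dict></plist>"""

def audit_feed_handlers(plist_bytes, affected=AFFECTED):
    """Map each feed scheme to EXPOSED, UNSET or REASSIGNED."""
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    affected = {a.lower() for a in affected}
    assigned = {}
    for entry in prefs.get("LSHandlers", []):
        scheme = str(entry.get("LSHandlerURLScheme", "")).lower()
        if scheme in FEED_SCHEMES:
            handler = entry.get("LSHandlerRoleAll") or entry.get("LSHandlerRoleViewer")
            assigned[scheme] = (handler or "").lower()
    report = {}
    for scheme in FEED_SCHEMES:
        handler = assigned.get(scheme)
        if not handler:
            report[scheme] = "UNSET"        # system default still applies
        elif handler in affected:
            report[scheme] = "EXPOSED"      # still opens in an affected browser
        else:
            report[scheme] = "REASSIGNED"   # points at another application
    return report

def workaround_applied(report):
    """True only when every feed scheme points away from the affected browsers."""
    return all(status == "REASSIGNED" for status in report.values())

if __name__ == "__main__":
    for scheme, status in audit_feed_handlers(SAMPLE_PLIST).items():
        print(f"{scheme:<11}{status}")
```

A scheme reported as UNSET is treated as not fixed, since the system default handler would still receive the URL. How RCDefaultApp records the “<disabled>” choice is not assumed here; any non-empty handler other than an affected browser is reported as REASSIGNED.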
The only workaround available for users of Safari on Windows is to use a different web browser.
[via Brian Mastenbrook]