14 January 2009 @ 7:41Safari RSS Vulnerability

Brian Mastenbrook has discovered a vulnerability in Apple’s Safari browser that could allow remote sites to read files from a user’s hard drive without user intervention. The vulnerability is in the way Safari handles RSS requests. Omniweb is also affected by this. Users may also be affected by this vulnerability if a malicious link is opened in their email client or instant messenger.

To work around this issue until a fix is released by Apple, users should perform the following steps:

1. Download and install the RCDefaultApp preference pane, following the included instructions.
2. Open System Preferences and choose the Default Applications option.
3. Select the “URLs” tab in the window that appears.
4. Choose the “feed” URL type from the column on the left, and choose a different application or the “<disabled>” option.
5. Repeat the previous step for the “feeds” and “feedsearch” URL types.

The only workaround available for users of Safari on Windows is to use a different web browser.

[via Brian Mastenbrook]

Be Sociable, Share!

by | Add a comment | Tags: , , , ,
Posted in safari, security | Link to this

Add a Comment

Show who you are with a Gravatar.


Sign up for PayPal and start accepting credit card payments instantly.

Staples Logo

Get fed!

rss icon subscribe to Geek stuff

rss icon Geek stuff in your inbox

Add the "Geek stuff" Google Gadget to your homepage

Add the "Daily Deals" Google Gadget to your homepage


Search Amazon

Search Amazon.com
Search Amazon.co.uk

Recent Forum Topics


    Web hosting by ICDSoft