Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 14th, 2009

Privacy Flaw Found In Apple Safari RSS Reader

Apple’s Safari web browser for both the Mac and Windows suffers from a serious vulnerability that can expose emails, passwords and other sensitive contents of a user’s hard drive, open source software developer Brian Mastenbrook has warned. Users of Tiger, aka Mac OS X 10.4, and earlier versions of Mac OS X are not vulnerable.

The vulnerability can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites. The vulnerability has been acknowledged by Apple.

Those using Mac OS X 10.5, aka Leopard, are susceptible to the data-snooping bug even if they use Firefox or another alternate browser, according to the researcher. Windows users are also vulnerable, but only if they are using Safari.

Leopard users can protect themselves by opening Safari and selecting Preferences from the Safari menu, choosing the RSS tab from the top of the Preferences window, clicking on the Default RSS Reader pop-up window and selecting an application other than Safari.

For the time being, Windows users with Safari installed should leave it closed and use a different browser.
