Workaround for Safari RSS vulnerability

Ars Technica first reported a vulnerability in the desktop version of Safari that could expose a user's private data to a creative hacker:

Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari's RSS feed handling that can allow a maliciously-crafted web page to access personal information without any knowledge or intervention of the user. The information can include—but isn't necessarily limited to—e-mails, passwords, and information stored in browser cookies.

Mastenbrook has informed Apple of the vulnerability and the company acknowledged the flaw. There aren't any known exploits in the wild for the flaw, probably because Mastenbrook isn't sharing details of the exploit.

The workaround is pretty simple: Mac users can launch Safari, go to Preferences > RSS, and set the Default RSS Reader to anything other than Safari. Windows users can simply use a different browser. Mine is currently set to NetNewsWire (I also use NewsFire) but I hardly ever use Safari anyway, instead opting for Firefox most of the time.

Does anyone really use Safari for their RSS client? If so, I'd love to hear about it in the TalkBack.

Topics: Operating Systems, Apple, Browser, Security

About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging.
