Workaround for Safari RSS vulnerability


Ars Technica first reported on a vulnerability in the desktop version of Safari that could expose a user's private data to a creative hacker:

Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari's RSS feed handling that can allow a maliciously-crafted web page to access personal information without any knowledge or intervention of the user. The information can include—but isn't necessarily limited to—e-mails, passwords, and information stored in browser cookies.

Mastenbrook has informed Apple of the vulnerability and the company acknowledged the flaw. There aren't any known exploits in the wild for the flaw, probably because Mastenbrook isn't sharing details of the exploit.

The workaround is pretty simple: Mac users can launch Safari, go to Preferences > RSS, and set the Default RSS Reader to anything other than Safari. Windows users can simply use a different browser. Mine is currently set to NetNewsWire (I also use NewsFire) but I hardly ever use Safari anyway, instead opting for Firefox most of the time.

Does anyone really use Safari for their RSS client? If so, I'd love to hear about it in the TalkBack.

Topics: Operating Systems, Apple, Browser, Security


Talkback

5 comments
  • I use Safari RSS

    I haven't used anything else for an RSS reader so
    can't give any comparisons.

    Works fine for me, not to mention I don't have to
    have another program open.
    middle of nowhere
    • I also use Safari RSS

      I utilize the bookmarks bar in Safari and have several categories of sites I check pretty much daily. I have an RSS folder set up on that bar that checks several blogs and websites that are updated constantly, and it's convenient not having to run to another program (even though Mail handles RSS just fine).
      mahfrot
  • RSS

    Can't say I have, though to be honest I used RSS only briefly
    when it first started to be utilized extensively on the web. I
    would wager that if someone is really serious about RSS's use
    they have a standalone client.
    Win3.1
  • RE: Workaround for Safari RSS vulnerability

    I would expect it'll get fixed before the exploit gets any use
    since it seems researchers are the main ones that find these vulnerabilities. Crackers seem to have little ability to find
    these things themselves.
    Win3.1
  • Thanks for the safety tip!

    "Windows users can simply use a different browser."

    I checked my computer but it turned out that I did this a long time ago. :)
    NonZealot