Ars Technica first reported a vulnerability in the desktop version of Safari that could expose a user's private data to a creative hacker:
Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari's RSS feed handling that can allow a maliciously-crafted web page to access personal information without any knowledge or intervention of the user. The information can include—but isn't necessarily limited to—e-mails, passwords, and information stored in browser cookies.
Mastenbrook has informed Apple of the vulnerability and the company acknowledged the flaw. There aren't any known exploits in the wild for the flaw, probably because Mastenbrook isn't sharing details of the exploit.
The workaround is pretty simple: Mac users can launch Safari, go to Preferences > RSS, and set the Default RSS Reader to anything other than Safari. Windows users can simply use a different browser. Mine is currently set to NetNewsWire (I also use NewsFire), but I hardly ever use Safari anyway, instead opting for Firefox most of the time.
Does anyone really use Safari for their RSS client? If so, I'd love to hear about it in the TalkBack.