Disclosure of information vulnerability in Safari
I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies ...
Safari RSS vulnerability discovered; gives up personal data
arstechnica.com — A vulnerability in Safari's RSS reader can lead to access to personal information on both Mac OS X and Windows. Fortunately, there are simple workarounds.
Blog Reactions

Safari RSS vulnerability might reveal your personal data
The Unofficial Apple Weblog (TUAW) — ... browser come over the transom, they get our attention. When they're exploitable in both the Mac and Windows versions of Safari, they get our full and undivided attention. When the person reporting them is Brian Mastenbrook (credited with discovering ...

Vulnerability in Safari discovered, RSS handling to blame
jkOnTheRun — ... We have received word from Brian Mastenbrook, who has discovered security vulnerabilities with Apple stuff in the past, that a severe vulnerability exists in the Safari browser.  Brian says there is a possibility that a hacker can take control of any system that runs Safari due to a hole in the way Safari handles RSS feeds.  Brian is not publishing specifics of the security hole to prevent exploitation but he has acknowledgement from Apple that the problem exists. ...

Security flaw in Safari's RSS feeds reported
AppleInsider — ... Published: 09:00 AM EST An open source software engineer says he's found a vulnerability in Safari for Mac and Windows that could compromise a user's files and passwords if successfully exploited. Brian Mastenbrook didn't get specific in a blog entry posted Sunday, but he did claim his discovery has already been acknowledged by Apple. All users of Mac OS X 10.5 Leopard are affected, whether they use RSS feeds or not, as long as they have not changed their preference from the default, as seen below. "Safari ... is vulnerable to an attack that allows a malicious web site to ...

Safari RSS vulnerability discovered; gives up personal data
Infinite Loop — No Safari RSS! Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari's RSS feed handling that can allow a maliciously-crafted web page to access personal information without any knowledge or intervention of the user. The information can include but isn't necessarily limited to e-mails, passwords, and information stored in browser cookies. This vulnerability affects any Mac OS X user that has Safari set as the default feed reader in Safari's RSS preferences. You can be affected by it even if you don't read RSS feeds or regularly use another ...

Apple Acknowledges Fairly Serious Safari RSS Vulnerability
MacBlogz - One Stop Apple News — Apple has acknowledged a moderately frightening Safari RSS vulnerability that makes the browser vulnerable to attack without user intervention. Brian Mastenbrook, a computer scientist using Apple’s Safari browser, discovered the bug and reported it to Apple. “I have discovered that Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. This can be used to gain access to sensitive information stored on the user’s ...

Safari's RSS Feeds a Security Risk?
Mac|Life all RSS Feed — Open source developer Brian Mastenbrook has reportedly discovered a vulnerability in Safari's RSS feed feature. The vulnerability allows malicious websites to read files on a user's hard drive. According to the developer, Apple has acknowledged the security flaw. OS X 10.5 and Windows users of Safari are affected by the vulnerability. Leopard users should choose another feed reader, while Windows users should cease using Safari altogether until the issue is dealt with by Apple. To change your default RSS feed reader in Safari for OS X, follow the instructions ...

Safari RSS Security Vulnerability Comes to Light
TheAppleBlog — ... That’s according to a new tech note from developer Brian Mastenbrook, who has taken matters into his own hands while we wait for an official fix from Apple. And good thing, too, since this vulnerability is apparently nothing to sneeze at, as attackers can easily get their hands on sensitive information stored in cookies, emails, etc. ...

Workaround for Safari RSS vulnerability
The Apple Core — ... about a vulnerability in the desktop version of Safari that could expose a user’s private data to a creative hacker: Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari’s RSS feed handling that can allow a maliciously-crafted web page to access personal information without any knowledge or intervention of the user. The information can include—but isn’t necessarily limited to—e-mails, passwords, and information stored in browser cookies. Mastenbrook has informed Apple of the vulnerability and the company acknowledged the flaw. There aren’t any ...

Protect Yourself From the Safari RSS Vulnerability
TidBITS: Mac News for the Rest of Us — ... On 11-01-2009 programmer Brian Mastenbrook revealed that he discovered and reported a security vulnerability in Safari that affects Mac OS X 10.5 Leopard and Windows computers with Safari installed. The vulnerability could allow a malicious website you visit to read any file on your system - including emails, passwords stored in browser cookies, or other documents. We have strong indications that the problem is real and you should immediately protect yourself in case malicious attackers figure it out before Apple issues a patch. ...

Related Content
What’s new in Safari - See the new features available in Safari 4 Beta for Mac and PC
apple.com 2/24/2009 — Still the world’s fastest web browser, Safari outraces Firefox, Internet Explorer, and Chrome. On even the most demanding Web 2.0 applications, Safari delivers blazingly fast performance thanks to the industry’s most advanced rendering technologies. ...
Safari
apple.com 8/27/2008 — Safari Screenshot Safari The world’s best browser. Now on Windows, too. Download Now Free for Mac and Windows
Mozilla Firefox Memory Corruption Vulnerability - Secunia Advisories - Vulnerability Information
secunia.com 7/14/2009 — Description : SBerry has discovered a vulnerability in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing JavaScript code handling e.g. "font" HTML ...
Welcome to Safari 4 - Apple Inc.
apple.com 2/25/2009 — Welcome to Safari 4 - Apple Inc.
Apple Releases Safari 4.0
db.tidbits.com 2/24/2009 — It's been over a year since Apple introduced a major update to the Safari Web browser. Today, it released a public beta of Safari 4, bringing a host of new features, interface enhancements, and performance boosts. The major changes include a new Top Sites feature that enables users to ...
Apple Safari 4 Beta Available Now: Chrome-y Top Sites, Cover Flow and Nitro [Safari 4]
i.gizmodo.com 2/24/2009 — You can download Safari 4 Beta right now. It's got a new Javascript engine—called Nitro—that's 4.2x faster than Safari 3. Feature-wise, it pulls a lot from Chrome and Firefox it looks like: Top Sites sounds like Chrome's home page, with your most frequently visited websites in a ...
Safari 4 Beta Released
theappleblog.com 3/4/2009 — Safari has come an awfully long way since its conception, and today marks the beta release of the fourth major incarnation of the acclaimed web browser. Version 4 introduces a range of new features and interface improvements, among them speed ...
Firefox, Chrome, Safari rise in browser share
electronista.com 1/5/2009 — Minority browsers grew in popularity again during the month of December, according to tracking figures from Net Applications. Marketshare for Mozilla's Firefox reached 21.34 percent, up from 20.78 percent in November; Apple's Safari jumped from 7.13 ...
Safari 4 beta Available
hardmac.com 2/24/2009 — Apple just released a beta version of Safari 4. You can download it from the following address: http://www.apple.com/safari/download/ It is available for Mac and PC. Unlike stated on the downloading page as "version 3.2", it concerns the version 4.0. [translation by Linathael]
Apple Releases Safari 4 for Mac and Windows
macrumors.com 6/9/2009 — Apple today announced the official launch of its Safari 4 browser for OS X and Windows. Safari 4, which has been available as a public beta since February, delivers a number of enhancements to Apple's browser offering. Apple today re...