New Apple Safari Vulnerability Discovered

By Vygantas Lipskas | January 13, 2009 | 3 Comments

Guy Brian has discovered a new Safari vulnerability which affects Mac OS X 10.5 (Leopard) users who haven’t changed default feed reader preferences.

This vulnerability allows phishing sites to silently read all the user data from hard drive without him knowing that.

There is however a workaround for Safari users on Windows OS.

Open Safari and select Preferences… from the Safari menu.
Choose the RSS tab from the top of the Preferences window.
Click on the Default RSS reader pop-up and select an application other than Safari.

Apple has not made information available on when a fix for this issue will be released.

[digg-reddit-me]


About (Author Profile)


Vygantas Lipskas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism carrier back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

  • DeclinedDoomed

    I just checked the RSS preferences on Safari for Vista, and there doesn’t seem to be a way to change the feed reader. I don’t have any other feed readers installed on my computer. Could that be why I’m not seeing it?

  • http://www.favbrowser.com Vygantas Lipskas

    From updated post:

    Users of Safari on Windows are also affected. Users who have Safari for Windows installed but do not use it for browsing are not affected.

    The details of this vulnerability have not been made public to the best of my knowledge, but secrecy is no guarantee against a sufficiently motivated attacker.

    To work around this issue until a fix is released by Apple, users should perform the following steps:

    Download and install the RCDefaultApp (http://www.rubicode.com/Software/RCDefaultApp/) preference pane, following the included instructions.
    Open System Preferences and choose the Default Applications option.
    Select the “URLs” tab in the window that appears.
    Choose the “feed” URL type from the column on the left, and choose a different application or the “” option.
    Repeat the previous step for the “feeds” and “feedsearch” URL types.

  • Pingback: Internet Security « Genuine Tips

«
»