New Apple Safari Vulnerability Discovered
Written by Vygantas Lipskas on January 13, 2009
Guy Brian has discovered a new Safari vulnerability which affects Mac OS X 10.5 (Leopard) users who haven’t changed default feed reader preferences.
This vulnerability allows phishing sites to silently read all the user data from hard drive without him knowing that.
There is however a workaround for Safari users on Windows OS.
Open Safari and select Preferences… from the Safari menu.
Choose the RSS tab from the top of the Preferences window.
Click on the Default RSS reader pop-up and select an application other than Safari.
Apple has not made information available on when a fix for this issue will be released.
Be the first to know. Subscribe to our RSS Feed 
or follow us on Twitter.
I just checked the RSS preferences on Safari for Vista, and there doesn’t seem to be a way to change the feed reader. I don’t have any other feed readers installed on my computer. Could that be why I’m not seeing it?
From updated post:
Users of Safari on Windows are also affected. Users who have Safari for Windows installed but do not use it for browsing are not affected.
The details of this vulnerability have not been made public to the best of my knowledge, but secrecy is no guarantee against a sufficiently motivated attacker.
To work around this issue until a fix is released by Apple, users should perform the following steps:
Download and install the RCDefaultApp (http://www.rubicode.com/Software/RCDefaultApp/) preference pane, following the included instructions.” option.
Open System Preferences and choose the Default Applications option.
Select the “URLs” tab in the window that appears.
Choose the “feed” URL type from the column on the left, and choose a different application or the “
Repeat the previous step for the “feeds” and “feedsearch” URL types.