Programmer uncovers Safari RSS vulnerability
There's nothing we love more than a good security vulnerability. It just goes to remind you once again that the only truly secure computer is that old SE/30 in your basement that's not even plugged in and is kept under lock and key.
Programmer Brian Mastenbrook identified the flaw, which affects any Mac user who hasn't changed the default option for RSS reader in Safari's preferences (that default reader being, naturally, Safari itself). The vulnerability could allow a Web site to read data stored on the user's computer, including sensitive information like logins and passwords, without notifying the user. The flaw is far-reaching, affecting both Mac and Windows users running Safari, as well as Mac users who use other browsers like Firefox but still haven't changed Safari's RSS preferences.
In terms of a workaround, Windows Safari users should switch to another browser until the problem is fixed; Mac users should just switch the default RSS reader from Safari in Safari's Preferences -> RSS panel. Apple has acknowledged the vulnerability, but there's no news on when a patch might be forthcoming. Thus far it seems as though knowledge of the flaw's details is not yet public, so there's no need for panic, but taking precautions is always good.
[via Daring Fireball]
» posted by ITworld staff
Macworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
safari
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
