Safari RSS vulnerability might reveal your personal data
The Unofficial Apple Weblog (TUAW) —
... browser come over the transom, they get our attention. When they're exploitable in both the Mac and Windows versions of Safari, they get our full and undivided attention. When the person reporting them is Brian Mastenbrook (credited with discovering ...
Vulnerability in Safari discovered, RSS handling to blame [jkOnTheRun]
GigaOM Network —
... We have received word from Brian Mastenbrook, who has discovered security vulnerabilities with Apple stuff in the past, that a severe vulnerability exists in the Safari browser. Brian says there is a possibility that a hacker can take control of any system that runs Safari due to a hole in the way Safari handles RSS feeds. Brian is not publishing specifics of the security hole to prevent exploitation but he has acknowledgement from Apple that the problem exists. ...
Security flaw in Safari's RSS feeds reported
AppleInsider —
... Published: 09:00 AM EST An open source software engineer says he's found a vulnerability in Safari for Mac and Windows that could compromise a user's files and passwords if successfully exploited. Brian Mastenbrook didn't get specific in a blog entry posted Sunday, but he did claim his discovery has already been acknowledged by Apple. All users of Mac OS X 10.5 Leopard are affected, whether they use RSS feeds or not, as long as they have not changed their preference from the default, as seen below. "Safari ... is vulnerable to an attack that allows a malicious web site to ...
Apple Acknowledges Fairly Serious Safari RSS Vulnerability
MacBlogz - One Stop Apple News —
Apple has acknowledged a moderately frightening Safari RSS vulnerability that makes the browser vulnerable to attack without user intervention.
Brian Mastenbrook, a computer scientist using Apple’s Safari browser, discovered the bug and reported it to Apple.
“I have discovered that Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. This can be used to gain access to sensitive information stored on the user’s ...
Safari's RSS Feeds a Security Risk?
Mac|Life all RSS Feed —
Open source developer Brian Mastenbrook has reportedly discovered a vulnerability in Safari's RSS feed feature. The vulnerability allows malicious websites to read files on a user's hard drive. According to the developer, Apple has acknowledged the security flaw. OS X 10.5 and Windows users of Safari are affected by the vulnerability. Leopard users should choose another feed reader, while Windows users should cease using Safari altogether until the issue is dealt with by Apple. To change your default RSS feed reader in Safari for OS X, follow the instructions ...
Apple Safari RSS bug could let hackers steal your passwords
Obsessable News Feed —
... A recently-discovered bug in Apple's Safari browser potentially allows hackers to access files stored on your computer, including cached copies of passwords and other sensitive data. While this vulnerability isn't as severe as ...
Major Safari security flaw discovered in RSS handler
Download Squad —
... If you're using Safari as your default browser, you may want to change your RSS feed handler. As reported by developer Brian Mastenbrook, there's a major flaw in Safari that could allow an attacker to directly access files on your hard drive. ...
Safari RSS Security Vulnerability Comes to Light [TheAppleBlog]
GigaOM Network —
... That’s according to a new tech note from developer Brian Mastenbrook, who has taken matters into his own hands while we wait for an official fix from Apple. And good thing, too, since this vulnerability is apparently nothing to sneeze at, as attackers can easily get their hands on sensitive information stored in cookies, emails, etc. ...
Workaround for Safari RSS vulnerability
The Apple Core —
... about a vulnerability in the desktop version of Safari that could expose a user’s private data to a creative hacker: Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari’s RSS feed handling that can allow a maliciously-crafted web page to access personal information without any knowledge or intervention of the user. The information can include—but isn’t necessarily limited to—e-mails, passwords, and information stored in browser cookies. Mastenbrook has informed Apple of the vulnerability and the company acknowledged the flaw. There aren’t any ...
RSS feed handler vulnerability discovered in Safari on Windows and Mac OS X 10.5 Leopard
D' Technology Weblog —
... Apple’s Safari browser is vulnerable to an attack on Windows and Mac OS X 10.5 Leopard that allows a malicious web site to read files on a user’s hard drive without user intervention. The vulnerability has been acknowledged by Apple, reports Mastenbrook. ...
Apple's Safari RSS system vulnerable to hackers - but no fix yet
Technology: Technology blog | guardian.co.uk —
... Using Safari to read RSS feeds on a Mac or Windows machine? You shouldn't - a serious vulnerability has been discovered which would allow a malicious site ...
Protect Yourself From the Safari RSS Vulnerability
TidBITS: Mac News for the Rest of Us —
... On 11-01-2009 programmer Brian Mastenbrook revealed that he discovered and reported a security vulnerability in Safari that affects Mac OS X 10.5 Leopard and Windows computers with Safari installed. The vulnerability could allow a malicious website you visit to read any file on your system, including emails, passwords stored in browser cookies, or other documents. We have strong indications that the problem is real and you should immediately protect yourself in case malicious attackers figure it out before Apple issues a patch. ...


