Safari File Access Bug Discovered

16 January 2009

Security researcher Brian Mastenbrook claims to have discovered a flaw in the Safari web browser that makes it possible for a malicious website to read files on a user's hard drive without their permission. Users of the browser on both the Windows and Mac OS X operating systems are affected. The workaround, posted on his blog, suggests that the problem lies with the browser's RSS capabilities, although he adds that users of OS X 10.5 (Leopard) are affected by the problem whether or not they use the RSS feeds.

"The only workaround available for users of Safari on Windows is to use a different web browser," warned Mastenbrook, who updated his website this week after discovering that the initial workaround he provided would not protect users. "I regret that what initially appeared to be a simple workaround is now substantially more complicated, and requires the installation of third party software to perform," he said.

Now, users must download the RCDefaultApp preference pane, which allows users to set default applications used for various URL schemes. This can be used to disassociate feed URLs from Safari and associate them with a different web browser or dedicated RSS reader.

Mastenbrook says that he has contacted the notoriously tight-lipped computer vendor about the problem. The company had not yet posted a security update to fix the problem as of last Thursday.
