
Safari File Access Bug Discovered

16 January 2009

Security researcher Brian Mastenbrook claims to have discovered a flaw in the Safari web browser that makes it possible for a malicious website to read files on a user's hard drive without their permission. Users of the browser on both the Windows and Mac OS X operating systems are affected. The workaround, posted on his blog, suggests that the problem lies with the browser's RSS capabilities, although he adds that users of OS X 10.5 (Leopard) are affected by the problem whether or not they use the RSS feeds.

"The only workaround available for users of Safari on Windows is to use a different web browser," warned Mastenbrook, who updated his website this week after discovering that the initial workaround he provided would not protect users. "I regret that what initially appeared to be a simple workaround is now substantially more complicated, and requires the installation of third party software to perform," he said.

Now, users must download the RCDefaultApp preference pane, which allows users to set default applications used for various URL schemes. This can be used to disassociate feed URLs from Safari and associate them with a different web browser or dedicated RSS reader.

Mastenbrook says that he has contacted the notoriously tight-lipped computer vendor about the problem. The company had not yet posted a security update to fix the problem as of last Thursday.
