bit-tech.net

Safari users warned of unpatched flaw

Apple's Safari browser - installed by default on Mac OS X and available for Windows - has a severe security hole according to researcher Brian Mastenbrook.

Users of Apple's Safari web browser are being warned of an unpatched security vulnerability that can reveal sensitive information – even if you use a different web browser.

According to research by Brian Mastenbrook – via Techmeme – the software, which is installed by default in all versions of Mac OS X and is also available for Windows-based PCs, has a major security hole in its implementation of the RSS standard.

Although details have not been made public – for obvious reasons – Mastenbrook does state that the flaw can be used by a remote attacker to “gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites.”

Users of Safari on Microsoft Windows are advised to switch – at least temporarily – to a different browser, and to ensure that Safari is not selected as the system default for either HTML or RSS data. Mac OS X users are advised to choose a different default RSS reader in the Preferences menu of Safari in order to protect themselves while waiting for a patch – even if they already use a different program to browse the web or access RSS feeds.

While the flaw has been acknowledged by Apple, an official statement – or news about when a patch might be due – has not yet been forthcoming. Without technical information it's hard to judge the scope of the flaw, but Mastenbrook has a quartet of bug kills to his name already, having been responsible for discovering four separate security issues in Mac OS X that Apple has since patched using information he provided.

Any Safari users hoping that Apple gets this hole patched ASAP, or is Mastenbrook over-egging the severity of the flaw for his own ends? Share your thoughts over in the forums.

6 Comments

liratheal 14th January 2009, 14:49 Quote
God, I love security holes.

I might start sending paper requests to websites for their news updates, probably safer..
Sparrowhawk 14th January 2009, 19:46 Quote
Wait... people actually use Safari on Windows?
wuyanxu 14th January 2009, 21:11 Quote
Quote:
Originally Posted by Sparrowhawk
Wait... people actually use Safari on Windows?
wait, there's other browsers? i thought Firefox is the only one!

if it's RSS engine problem, iPhone's not affected right?
Stuey 14th January 2009, 22:13 Quote
Quote:
Originally Posted by wuyanxu
wait, there's other browsers? i thought Firefox is the only one!

if it's RSS engine problem, iPhone's not affected right?
firefox? Yea, right. The other day it gave me a huge warning popup saying that unless I upgrade/update, my PC's security could be compromised.
johnmustrule 15th January 2009, 07:39 Quote
Quote:
Originally Posted by Sparrowhawk
Wait... people actually use Safari on Windows?

I use it to get free wifi at starbucks.