Tuesday, January 13, 2009
Safari RSS Vulnerability Revealed
Posted by Vincent Ferrari in "Apple Software (OS X)" @ 07:00 AM
"In this case, the issue is that a hole in Safari's handling of RSS feeds could allow an attacker (via a malicious web page) to capture a user's personal information, cookies or even passwords. While Brian has not posted more details of the vulnerability publicly, he has acknowledgment from Apple that the issue exists; hopefully we will see an update soon that closes this hole. In the meantime, although Windows Safari users are advised to use a different browser to avoid the vulnerability, Mac users can simply set an alternative RSS feed handler to work around the issue."
If you use Safari for its RSS goodness, this one is pretty darned important, so beware for now. You may even consider switching to something else for your RSS needs until this is ironed out and patched.
