Privacy Flaw Found In Apple Safari RSS Reader

Apple’s Safari web browser for both the Mac and Windows suffers from a serious vulnerability that can expose emails, passwords and other sensitive contents of a user’s hard drive, an open source software developer Brian Mastenbrook has warned. Users of Tiger, aka Mac OS X 10.4, and earlier versions of Mac OS X are not vulnerable.

The vulnerability can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites. The vulnerability has been acknowledged by Apple.

Those using Mac OS X 10.5, aka Leopard, are susceptible to the data-snooping bug even if they use Firefox or another alternate browser, according to the researcher. Windows users are also vulnerable, but only if they are using Safari.

Leopard users can protect themselves by opening Safari and selecting Preferences from the Safari menu, choosing the RSS tab from the top of the Preferences window, clicking on the Default RSS Reader pop-up window and selecting an application other than Safari.

For the time being, Windows users with Safari installed should leave it closed and use a different browser.

No comments: