iTWire - Safari vulnerable to remote file-stealing attack

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL

Core Dump

Stephen Withers turns his gaze on the world of Apple, with detours into other aspects of IT and communications as they catch his attention.

Technology news and Jobs

Safari vulnerable to remote file-stealing attack

Safari vulnerable to remote file-stealing attack

E-mail

by Stephen Withers
Tuesday, 13 January 2009
Page 1 of 2 A newly revealed vulnerability in Apple's Safari web browser allows a remote site to read files stored on a Mac or Windows system. According to the discoverer, the vulnerability has been acknowledged by Apple. Featured Whitepaper 5 Best Practices for Smartphone Support According to Brian Mastenbrook (who describes himself as a 'next big thing architect' and software engineer), "Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention." "[T]his vulnerability could be exploited by a phishing site in a way that would not cause affected users to suspect their information had been stolen," he added. Although Mastenbrook did not disclose details of the vulnerability, it may involve the use of malformed feed: URLs. History suggests that the underlying problem is either a buffer overflow or a format string issue. The vulnerability is said to affect Safari on Windows as well as Mac OS X 10.5. According to Mastenbrook, an interim workaround for Mac OS X users is to set a program other than Safari as the default RSS reader in Safari's preferences. Users of other Mac web browsers are vulnerable unless they make this change. Presumably an exploit would involve a feed: link in a web page or email that would still be directed to Safari unless that preference was altered. Does Mastenbrook have a track record that adds credibility to his claim? See page 2. << First page < 1 2 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >

Sponsored Releases

progeCAD 2009 Free 2010 Version Upgrades Offer from CADDIT.net

Virtual Computer brings reduced desktop management costs to Australia

NETSUITE ANNOUNCES Q3 09 RESULTS

AVG (AU/NZ) Wins Computer Troubleshooters Vendor of the Year Award for the Second Year

Mobile & Wireless VoIP on the Apple iPhone

AVG (AU/NZ) Growing Fast in an Economy Looking for Security

...Promote your press-releases here

Latest jobs

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress

Today on iTWire

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

website free tracking