Follow the Australian Telecommunications scene NEWSLETTER- FREE TRIAL
 |
 Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. |
Technology news and Jobs 
Our Blogs Core Dump Safari vulnerable to remote file-stealing attack
Our Blogs Core Dump Safari vulnerable to remote file-stealing attack | Safari vulnerable to remote file-stealing attack |
|
| by Stephen Withers | |
| Tuesday, 13 January 2009 | |
|
Page 1 of 2   
Featured Whitepaper
5 Best Practices for Smartphone Support
"[T]his vulnerability could be exploited by a phishing site in a way that would not cause affected users to suspect their information had been stolen," he added. Although Mastenbrook did not disclose details of the vulnerability, it may involve the use of malformed feed: URLs. History suggests that the underlying problem is either a buffer overflow or a format string issue. The vulnerability is said to affect Safari on Windows as well as Mac OS X 10.5. According to Mastenbrook, an interim workaround for Mac OS X users is to set a program other than Safari as the default RSS reader in Safari's preferences. Users of other Mac web browsers are vulnerable unless they make this change. Presumably an exploit would involve a feed: link in a web page or email that would still be directed to Safari unless that preference was altered. Does Mastenbrook have a track record that adds credibility to his claim? See page 2. |
| < Next story in category | Previous story in the category > |
|---|
