Core Dump
Safari RSS vulnerability: take two
by Stephen Withers
Monday, 19 January 2009
Page 1 of 2
An effective workaround for the Safari RSS security issue flagged last week turns out to be more complicated than originally suggested.
The problem is that a malicious link (which could be delivered in a web page, an email, an instant message or in some other form) can be the vehicle for an attack that allows files to be read from the user's hard drive. The vulnerability affects Mac OS 10.5 (but not previous versions) even if users do not use Safari's RSS capabilities. If you are invited to open a link specifically in Safari, it's probably wise to decline.

"Users of Firefox, Camino, and Opera on Mac OS X are substantially better protected against exploitation by a malicious web page than users of Safari or OmniWeb," Mastenbrook observed. Both Safari and OmniWeb use the WebKit framework, which raises the question of whether the vulnerability is in Safari itself or in WebKit.

He originally suggested that using Safari's preferences to associate RSS feeds with another program such as Mail would provide protection until Apple releases a Safari update to fix the underlying problem. But he overlooked that there are two other URL types associated with RSS feeds, namely feeds and feedsearch.

So how do you get around that? Find out on page 2.
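
A check for the gap described above, as an added example that is not from the article or from Mastenbrook: it reads a LaunchServices handler list and reports which RSS-related URL schemes are still left to Safari. The `feed` scheme name, the plist key layout (`LSHandlers`, `LSHandlerURLScheme`, `LSHandlerRoleAll`), the bundle identifiers and the sample data are assumptions constructed for illustration.

```python
import plistlib

# "feeds" and "feedsearch" are named in the article; "feed" is assumed to be
# the scheme that Safari's RSS preference reassigns.
RSS_SCHEMES = ("feed", "feeds", "feedsearch")
# Handlers to treat as exposed (assumed bundle identifier for Safari).
RISKY_HANDLERS = {"com.apple.safari"}


def audit_rss_handlers(plist_bytes, risky=RISKY_HANDLERS):
    """Map each RSS scheme to (handler, ok).

    A scheme with no explicit entry is reported as not ok, on the
    assumption that the system default for it is Safari.
    """
    prefs = plistlib.loads(plist_bytes)
    handlers = {}
    for entry in prefs.get("LSHandlers", []):
        scheme = entry.get("LSHandlerURLScheme")
        if scheme:
            handlers[scheme.lower()] = entry.get("LSHandlerRoleAll", "")
    report = {}
    for scheme in RSS_SCHEMES:
        handler = handlers.get(scheme)
        ok = bool(handler) and handler.lower() not in risky
        report[scheme] = (handler, ok)
    return report


def unprotected(report):
    """Schemes that would still open in a risky handler."""
    return sorted(s for s, (_, ok) in report.items() if not ok)


# Constructed sample: only "feed" has been pointed at Mail, which is the
# state the originally suggested workaround leaves behind.
PARTIAL = plistlib.dumps({"LSHandlers": [
    {"LSHandlerURLScheme": "feed", "LSHandlerRoleAll": "com.apple.mail"},
    {"LSHandlerURLScheme": "http", "LSHandlerRoleAll": "com.apple.safari"},
]})
# Constructed sample: all three schemes reassigned.
COMPLETE = plistlib.dumps({"LSHandlers": [
    {"LSHandlerURLScheme": s, "LSHandlerRoleAll": "com.apple.mail"}
    for s in RSS_SCHEMES
]})

if __name__ == "__main__":
    print("partial workaround leaves:", unprotected(audit_rss_handlers(PARTIAL)))
    print("complete workaround leaves:", unprotected(audit_rss_handlers(COMPLETE)))
```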