
Safari vulnerable to remote file-stealing attack

Opinion and Analysis

A newly revealed vulnerability in Apple's Safari web browser allows a remote site to read files stored on a Mac or Windows system. According to the discoverer, the vulnerability has been acknowledged by Apple.

According to Brian Mastenbrook (who describes himself as a 'next big thing architect' and software engineer), "Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention."

"[T]his vulnerability could be exploited by a phishing site in a way that would not cause affected users to suspect their information had been stolen," he added.

Although Mastenbrook did not disclose details of the vulnerability, it may involve the use of malformed feed: URLs. History suggests that the underlying problem is either a buffer overflow or a format string issue.

The vulnerability is said to affect Safari on Windows as well as Mac OS X 10.5.

According to Mastenbrook, an interim workaround for Mac OS X users is to set a program other than Safari as the default RSS reader in Safari's preferences.

Users of other Mac web browsers are also vulnerable unless they make this change. Presumably an exploit would involve a feed: link in a web page or email, and such links would still be directed to Safari unless that preference was altered.
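A way for an administrator to check whether the workaround is in place on a machine, added here as an example and not taken from the article or from Mastenbrook's advisory. It assumes (as the comments note) that Mac OS X records the feed: URL handler as an LSHandlers entry in the LaunchServices preferences plist; the sample plist is constructed.

```python
import plistlib
from typing import Optional

# Constructed sample of a LaunchServices handler list. The plist layout
# (LSHandlers / LSHandlerURLScheme / LSHandlerRoleAll) is an assumption
# about how Mac OS X stores scheme handlers, not something from the article.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>LSHandlers</key>
  <array>
    <dict>
      <key>LSHandlerURLScheme</key><string>feed</string>
      <key>LSHandlerRoleAll</key><string>com.apple.safari</string>
    </dict>
    <dict>
      <key>LSHandlerURLScheme</key><string>mailto</string>
      <key>LSHandlerRoleAll</key><string>com.apple.mail</string>
    </dict>
  </array>
</dict>
</plist>
"""

SAFARI_BUNDLE_ID = "com.apple.safari"


def feed_handler(plist_bytes: bytes) -> Optional[str]:
    """Return the bundle id registered for feed: URLs, or None if none is set."""
    data = plistlib.loads(plist_bytes)
    for handler in data.get("LSHandlers", []):
        if handler.get("LSHandlerURLScheme", "").lower() == "feed":
            # Role-specific keys exist as well; RoleAll is the usual one.
            bundle = handler.get("LSHandlerRoleAll") or handler.get("LSHandlerRoleViewer")
            return bundle.lower() if bundle else None
    return None


def workaround_applied(plist_bytes: bytes) -> bool:
    """True only when feed: URLs are explicitly routed to something other than Safari.

    No entry at all means Safari, the built-in default, still handles them."""
    handler = feed_handler(plist_bytes)
    return handler is not None and handler != SAFARI_BUNDLE_ID


if __name__ == "__main__":
    print("feed: handler:", feed_handler(SAMPLE_PLIST))
    print("workaround applied:", workaround_applied(SAMPLE_PLIST))
```

On a real machine the plist bytes would come from the user's LaunchServices preferences file rather than the embedded sample.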

Does Mastenbrook have a track record that adds credibility to his claim? See page 2.
