Warning this article may contain opinions of the author that you and iTWire don't agree with.
Visit the last page to have your say in our forum.

No. 1 Story

Cloud alliance sides with Optus on copyright

OzHub, the Macquarie Telecom-led cloud computing alliance, has come down firmly on the side of Optus over the copyright controversy surrounding Optus TV Now, warning that any moves to change the law "risk branding Australia a global luddite state."

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

Safari RSS vulnerability: take two

Stephen Withers
Monday, 19 January 2009 04:11

Opinion and Analysis

Page 1 of 2
An effective workaround for the Safari RSS security issue flagged last week turns out to be more complicated than originally suggested.
Microsoft Office 365 Get your free Trial

Related Articles

Just over a week ago, Brian Mastenbrook warned of a vulnerability he had discovered in Apple's Safari web browser.

The problem is that a malicious link (that could be delivered in a web page, an email, an instant message or in some other form) can be the vehicle for an attack that allows files to be read from the user's hard drive.

The vulnerability affects Mac OS 10.5 (but not previous versions) even if users do not use Safari's RSS capabilities.

If you are invited to open a link specifically in Safari, it's probably wise to decline.

"Users of Firefox, Camino, and Opera on Mac OS X are substantially better protected against exploitation by a malicious web page than users of Safari or OmniWeb," Mastenbrook observed.

Both Safari and OnmiWeb use the WebKit framework, which raises the question of whether the vulnerability is in Safari itself or in WebKit.

He originally suggested that using Safari's preferences to associate RSS feeds with another program such as Mail would provide protection until Apple releases a Safari update to fix the underlying problem.

But he overlooked that there are two other URL types associated with RSS feeds, namely feeds and feedsearch.

So how do you get around that? Find out on page 2.


Start 1 2 Next 

Sponsored Announcements

Gigamon’s extends Visibility Fabric solution by adding high density, high resiliency technology

David Frost | SYDNEY– February 9, 2012. Gigamon®, the world leader in Traffic Visibility Fabric solutions, announced that it has expanded the breadth and s…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases