Safari Vulnerability Allows “Evil Doers” To Get Your Personal Data

If you use Safari on either the Mac or Windows platforms, then you need to pay attention to this. Brian Mastenbrook, who has found a couple of Apple-related vulnerabilities in the past, has tripped over another one:

I have discovered that Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. This can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites. The vulnerability has been acknowledged by Apple.

He won’t give specific details, but he does have a workaround for you:

Because this vulnerability could be exploited by a phishing site in a way that would not cause affected users to suspect their information had been stolen, users of Mac OS X Leopard should protect themselves until a fix is issued by Apple by choosing a default feed reader other than Safari, such as Mail. To select a different feed reader:

  1. Open Safari and select Preferences… from the Safari menu.
  2. Choose the RSS tab from the top of the Preferences window.
  3. Click on the Default RSS reader pop-up and select an application other than Safari.

The only workaround available for users of Safari on Windows is to use a different web browser.

So take heed and protect yourself accordingly by either following his advice, or by using another browser.
