Serious security vulnerability in Safari web browser reported

Graham Cluley
@gcluley

An open source software engineer with a history of uncovering flaws in Mac OS X, claims to have uncovered a security vulnerability in Apple’s web browser Safari, affecting both Windows and Apple Mac users.

Brian Mastenbrook has blogged that a serious vulnerability in the way that Safari handles RSS feeds could be abused by hackers to gain access to any file on your hard drive.

It’s important to realise that at the moment there is no reason to believe that the vulnerability is being exploited in the wild. Given Mastenbrook’s track record at finding flaws it would seem sensible to take his warning seriously, and he reports that Apple has acknowledged the existence of the vulnerability to him.

Mastenbrook offers a simple workaround for Apple Mac users – he says they should select a different feed reader in their preferences…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.