Brian Mastenbrook: Disclosure of information vulnerability in Safari

by Volker Weber

Alper sent this in today, and I was so tied up that I couldn't post it.

I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

Workaround: don't let Safari handle RSS feeds. Or don't use Safari.

Comments

This seems to grow into a perpetuum mobile (kind of...). Almost every time I read about a newly discovered vulnerability in a browser, one of the suggested workarounds is: don't use this browser. Only: such recommendations regularly appear for IE, Firefox (and its derivatives), Opera (a bit less frequently maybe) and Safari (and thus several of them probably apply to all WebKit browsers). Which browsers are left then? I guess there is no better choice, best would probably be to rotate browser use to the currently least vulnerable... how to find out which one that is? I don't know.

Ragnar Schierholz, 2009-01-13

Ragnar, I think you should use Lynx. ;-)

Oliver Regelmann, 2009-01-13
