Brian Mastenbrook: Disclosure of information vulnerability in Safari

by Volker Weber


Alper sent this in today, and I was so tied up that I couldn't post it.

I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

Workaround: don't let Safari handle RSS feeds. Or don't use Safari.

This seems to grow into a perpetuum mobile (kind of...). Almost every time I read about a newly discovered vulnerability in a browser, one of the suggested workarounds is: don't use this browser. Only: such recommendations regularly appear for IE, Firefox (and its derivatives), Opera (a bit less frequently maybe) and Safari (and thus several of them probably apply to all WebKit browsers). Which browsers are left then? I guess there is no better choice; best would probably be to rotate browser use to the currently least vulnerable... how to find out which one that is? I don't know.

Ragnar Schierholz, 2009-01-13

Ragnar, I think you should use Lynx. ;-)

Oliver Regelmann, 2009-01-13

