Old Jan 13, 2009, 07:39 AM   #1
Habakuk
macrumors 6502a
 
Join Date: Jul 2007
Location: Vienna Austria Europe
Vulnerability in Safari

http://www.heise-online.co.uk/news/V...afari--/112402
__________________
Hurry up! Selected & time-limited iOS App Store FREEbies and sales
(German-language blog; but you'll find all links, pics and videos)
Old Jan 13, 2009, 08:36 AM   #2
Tallest Skil
Banned
 
Join Date: Aug 2006
Location: 1 Geostationary Tower Plaza
Here's my opinion: We'll be getting a Safari update soon! Yay!
Old Jan 13, 2009, 08:47 AM   #3
r.j.s
Moderator emeritus
 
 
Join Date: Mar 2007
Location: Fort Knox
Good thing I don't use Safari to handle my RSS feeds.
Old Jan 13, 2009, 11:10 AM   #4
MacRumors
macrumors bot
 
Join Date: Apr 2001
Security Vulnerability Found in Safari RSS



Open source programmer Brian Mastenbrook has discovered a security flaw in the way that Safari handles RSS feeds. The vulnerability, which affects both Mac and Windows versions of Safari, could allow a malicious website to gain access to sensitive user data.

Quote:
I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.
Mastenbrook reports that all OS X 10.5 Leopard users, regardless of whether they use Safari or RSS feeds, should protect themselves by choosing an application other than Safari for reading RSS feeds, an option available in the "RSS" tab of Safari's Preferences. Safari for Windows users should utilize a different browser until Apple issues a patch. Mastenbrook, who has received credit from Apple for reporting a number of security issues over the past year, says that Apple has not given a timeframe for a fix.

Article Link: Security Vulnerability Found in Safari RSS
Old Jan 13, 2009, 11:12 AM   #5
plumbingandtech
macrumors 68000
 
Join Date: Jun 2007
The temp fix is very easy. Everyone should do so now:


Quote:
Open Safari and select Preferences... from the Safari menu.
Choose the RSS tab from the top of the Preferences window.
Click on the Default RSS reader pop-up and select an application other than Safari.
__________________
The Palm Pre is the new Sarah Palin.
Old Jan 13, 2009, 11:13 AM   #6
chainprayer
macrumors 6502a
 
Join Date: Feb 2008
Scary. It's amazing what people can do today. Everything was so simple before the internet :P
__________________
ViralPixel.net
Old Jan 13, 2009, 11:17 AM   #7
Jayomat
macrumors 6502a
 
 
Join Date: Jan 2009
I hope people start realizing that Safari isn't, as Apple puts it, "the world's best browser".......
__________________
Present: Moto G 4.4.2; MacBook Pro 7,1; iPad3;
Past: MacBook 2,1; iPod Shuffle 1; iPod Nano 4; iPod Touch 2; iPhone "2G", 3GS, 4S, 5, SGS3
Old Jan 13, 2009, 11:18 AM   #8
pimentoLoaf
macrumors Demi-God
 
 
Join Date: Dec 2001
Location: The SimCity Deli
So ... who makes the best RSS reader?
__________________
Porkchops and bacon, my two favorite animals....Homer Simpson
Old Jan 13, 2009, 11:22 AM   #9
Spades
macrumors 6502
 
Join Date: Oct 2003
If this doesn't affect Mail, you can switch to that as your RSS reader. I've been using Mail as my RSS reader since Leopard came out. Works better than Safari did.
Old Jan 13, 2009, 11:25 AM   #10
Drumjim85
macrumors 68020
 
 
Join Date: Oct 2007
Location: DFW, TX
Quote:
Originally Posted by pimentoLoaf View Post
So ... who makes the best RSS reader?
google?
__________________
Creative Commons - because copyright is broken.
Old Jan 13, 2009, 11:37 AM   #11
J the Ninja
macrumors 68000
 
Join Date: Jul 2008
Quote:
Originally Posted by pimentoLoaf View Post
So ... who makes the best RSS reader?
Firefox. Live bookmarks!
__________________
Flickr | deviantART | Vimeo
Old Jan 13, 2009, 11:39 AM   #12
acxz
macrumors regular
 
Join Date: Nov 2007
They say switch to an alternative RSS reader, but surely if you stick to reputable feeds this won't be an issue?

Should be interesting to see how long it takes Apple to release a patch anyhow.
Old Jan 13, 2009, 11:39 AM   #13
andiwm2003
macrumors 601
 
 
Join Date: Mar 2004
Location: Boston, MA
that's bad for mac users. windows users are used to such things anyway.

i hope apple fixes that soon. i'm actually surprised that OS X allows that to happen. i guess lots of other apps have similar gaps.
Old Jan 13, 2009, 11:41 AM   #14
EmperorDarius
macrumors 6502a
 
Join Date: Jan 2009
Quote:
Originally Posted by Jayomat View Post
I hope people start realizing that Safari isn't, as Apple puts it, "the world's best browser".......
Why not? No browser is immune to vulnerabilities.
Old Jan 13, 2009, 11:44 AM   #15
lowbatteries
macrumors regular
 
Join Date: Mar 2008
Quote:
Originally Posted by pimentoLoaf View Post
So ... who makes the best RSS reader?
It depends on how you use RSS feeds. If you read them like email, where each post deserves your attention, use Mail. If you use them just to see what's the latest on a particular website, Firefox live bookmarks are nice.

I use NetNewsWire just so I have syncing between my Mac and my iPhone.

First though I would see what programs are already in your Dock and check on their RSS options - if you already have Firefox, Safari, Mail, Thunderbird, or any other browser or mail program running, use those. No use in running another always-on program if you don't need to.

Like another poster said, if you are only getting RSS feeds from reputable sites (and no comments feeds - those could be bad), Safari should be fine.

Last edited by lowbatteries; Jan 13, 2009 at 11:49 AM. Reason: adding in Thunderbird as an option
Old Jan 13, 2009, 11:45 AM   #16
NATO
macrumors 68000
 
 
Join Date: Feb 2005
Location: Northern Ireland
Does this mean you'd have to subscribe to an 'infected' RSS feed in order to be vulnerable? i.e., would you be okay to continue using Safari for RSS if you're only using reputable feeds, e.g. MacRumors?

Edit - Whoops, skimmed through the posts and managed to miss the one that actually seemed to answer my question.. doh
__________________
"Don't bother trying to join the Bureau of Alcohol, Tobacco and Firearms. It turns out they're apparently against all three." Wiley
Old Jan 13, 2009, 11:47 AM   #17
lowbatteries
macrumors regular
 
Join Date: Mar 2008
Quote:
Originally Posted by Jayomat View Post
I hope people start realizing that Safari isn't, as Apple puts it, "the world's best browser".......
I think it's a matter of opinion what the BEST browser is. I think it's safe to say what the world's WORST browsers are, in order:

1. IE6
2. IE7
3. IE8

So I think the "world's best browser" is ANY browser that isn't IE.

EDIT: I just realized that most standard cell phone browsers should be in that list too.

Last edited by lowbatteries; Jan 13, 2009 at 11:52 AM.
Old Jan 13, 2009, 11:53 AM   #18
Sehnsucht
macrumors 65816
 
Join Date: Sep 2008
Quote:
Originally Posted by lowbatteries View Post
EDIT: I just realized that most standard cell phone browsers should be in that list too.
IE mobile (for WinMo) sucks ass. I used to have a Motorola Q and threw that thing as far as I could.
__________________
Farewell...
Old Jan 13, 2009, 12:06 PM   #19
lkrupp
macrumors 6502
 
Join Date: Jul 2004
Quote:
Originally Posted by Jayomat View Post
I hope people start realizing that Safari isn't, as Apple puts it, "the world's best browser".......
Let's see now. You joined MacRumors just this month and are already trolling away. So why are you here anyway? Are you a Mac user? A Windows fanboy?

So should we all crawl under our beds in fear now? I, for one, don't plan on doing anything. Notice that the "researchers" always use words like "might", "could", "maybe", "under certain conditions"? Isn't the only thing we have to fear supposed to be fear itself? Chicken Littles are always ready to wring their hands and fret. What a way to live one's life, in constant fear.
Old Jan 13, 2009, 12:09 PM   #20
settledown
macrumors regular
 
Join Date: Feb 2003
Location: pittsburgh
My RSS reader...

I have set Chess to be my RSS feed reader.

I think that should fix it.
__________________
sig.'s waste time and brain bandwidth
Old Jan 13, 2009, 12:10 PM   #21
MarkMS
macrumors 6502a
 
Join Date: Aug 2006
Straight from Brian Mastenbrook's website:
Quote:
... users of Mac OS X Leopard should protect themselves until a fix is issued by Apple by choosing a default feed reader other than Safari, such as Mail.

So those who don't use RSS apps can just link up to Mail.app and be okay for now.
Old Jan 13, 2009, 12:13 PM   #22
lkrupp
macrumors 6502
 
Join Date: Jul 2004
Quote:
Originally Posted by r.j.s View Post
Good thing I don't use Safari to handle my RSS feeds.
So how do you know that what you do use isn't just as vulnerable, hmmmm?
Old Jan 13, 2009, 12:24 PM   #23
SFStateStudent
macrumors 604
 
 
Join Date: Aug 2007
Location: San Francisco California, USA
Has Safari 4.0 addressed this issue? I've already defaulted RSS to FF, though I've never used RSS...
__________________
MBP 2.5GHz 640GB 4GB RAM Mac Pro iPhone 4S iOS 5 Black 64GB AC+ NEW iPad Apple TV 2G
Old Jan 13, 2009, 12:32 PM   #24
thejadedmonkey
macrumors 604
 
 
Join Date: May 2005
Location: Pa
Quote:
Originally Posted by lowbatteries View Post
I think it's a matter of opinion what the BEST browser is. I think it's safe to say what the world's WORST browsers are, in order:

1. IE6
2. IE7
3. IE8

So I think the "world's best browser" is ANY browser that isn't IE.

EDIT: I just realized that most standard cell phone browsers should be in that list too.
Dude, I'm using IE8 right now, and aside from some minor bugs, it's really nice. I don't see how you can complain about something that's not even out of beta yet!

You're also forgetting that when IE6 came out, it was a really good browser. There were no CSS issues because there were no browser wars - IE6 was the internet.

Don't forget about IE for Mac. That was one of the BEST browsers out there, for quite some time.
__________________
MacBook 17" MacBook Pro iPod Nano Apple TV
PS4 Custom Windows 8.1 Desktop WP8
"Good judgment comes from experience,
experience comes from bad judgment."
- Mulla Nasrudin
Old Jan 13, 2009, 12:40 PM   #25
JG271
macrumors 6502a
 
 
Join Date: Dec 2007
Location: UK
Damn. The only reason I use Safari over Firefox is because of the RSS reader!

This programmer guy could have waited to make the news public.
Now hackers will know about it!
All times are GMT -5.