Security Vulnerability Found in Safari RSS

Discussion in ' News Discussion' started by Habakuk, Jan 13, 2009.

  1. macrumors 6502a

    Jul 10, 2007
    Vienna Austria Europe
  2. macrumors P6

    Tallest Skil

    Aug 13, 2006
    1 Geostationary Tower Plaza
    Here's my opinion: We'll be getting a Safari update soon! Yay!
  3. Moderator emeritus


    Mar 7, 2007
    Good thing I don't use Safari to handle my RSS feeds.
  4. macrumors bot


    Apr 12, 2001
    Security Vulnerability Found in Safari RSS


    Open source programmer Brian Mastenbrook has discovered a security flaw in the way that Safari handles RSS feeds. The vulnerability, which affects both Mac and Windows versions of Safari, could allow a malicious website to gain access to sensitive user data.

    Mastenbrook reports that all OS X 10.5 Leopard users, regardless of whether they use Safari or RSS feeds, should protect themselves by choosing an application other than Safari for reading RSS feeds, an option available in the "RSS" tab of Safari's Preferences. Safari for Windows users should utilize a different browser until Apple issues a patch. Mastenbrook, who has received credit from Apple for reporting a number of security issues over the past year, says that Apple has not given a timeframe for a fix.

    Article Link: Security Vulnerability Found in Safari RSS
  5. macrumors 68000

    Jun 20, 2007
    The temp fix is very easy. Everyone should do so now:

  6. macrumors 6502a

    Feb 10, 2008
    Scary. Its amazing what people can do today. Everything was so simple before the internet :p
  7. macrumors 6502a


    Jan 10, 2009
    I hope people start realizing that Safari isn't, as apple puts it, "the world's best browser".......
  8. macrumors 68000


    Dec 30, 2001
    The SimCity Deli
  9. macrumors 6502

    Oct 24, 2003
    If this doesn't affect Mail, you can switch to that as your RSS reader. I've been using Mail as my RSS reader since Leopard came out. Works better than Safari did.
  10. macrumors 68030


    Oct 7, 2007
    DFW, TX
  11. macrumors 68000

    Jul 14, 2008
    Firefox. Live bookmarks!
  12. macrumors regular

    Nov 30, 2007
    They say switch to an alternative RSS reader, but surely if you stick to reputable feeds this won't be an issue?

    Should be interesting to see how long it takes Apple to release a patch anyhow.
  13. macrumors 601


    Mar 29, 2004
    Boston, MA
    thats bad for mac users. windows users are used to such things anyway.:p

    i hope apple fixes that soon. i'm actually surprised that OS X allows that to happen. i guess lots of other apps have similar gaps.
  14. macrumors 6502a

    Jan 2, 2009
    Why not? No browser is immune to vulnerabilities.
  15. macrumors regular

    Mar 21, 2008
    It depends on how you use RSS feeds. If you read them like email, where each post deserves your attention, use Mail. If you use them just to see what's the latest on a particular website, Firefox live bookmarks are nice.

    I use NetNewsWire just so I have syncing between my Mac and my iPhone.

    First though I would see what programs are already in your Dock and check on their RSS options - if you already have Firefox, Safari, Mail, Thunderbird, or any other browser or mail program running, use those. No use in running another always-on program if you don't need to.

    Like another poster said, if you are only getting RSS feeds from reputable sites (and no comments feeds - those could be bad), Safari should be fine.
  16. macrumors 68000


    Feb 14, 2005
    Northern Ireland
    Does this mean you'd have to subscribe to an 'infected' RSS feed in order to be vulnerable? ie, would you be okay to continue using Safari for RSS if you're only using reputable feeds, eg. MacRumors?

    Edit - Whoops, skimmed through the posts and managed to miss the one that actually seemed to answer my question.. doh :p
  17. macrumors regular

    Mar 21, 2008
    I think its a matter of opinion what the BEST browser is. I think its safe to say what the world's WORST browsers are, in order:

    1. IE6
    2. IE7
    3. IE8

    So I think the "world's best browser" is ANY browser that isn't IE.

    EDIT: I just realized that most standard cell phone browsers should be in that list too.
  18. macrumors 65816

    Sep 21, 2008
    :D IE mobile (for WinMo) sucks ass. I used to have a Motorola Q and threw that thing as far as I could. :cool:
  19. macrumors 6502

    Jul 24, 2004
    Let's see now. You joined MacRumors just this month and are already trolling away. So why are you here anyway? Are you a Mac user? A Windows fanboy?

    So should we all crawl under our beds in fear now? I, for one, don't plan on doing anything. Notice that the "researchers" always use words like "might", "could", "maybe", "under certain conditions"? Isn't the only thing we have to fear supposed to be fear itself? Chicken Little's are always ready to wring their hands and fret. What a way to live one's life, in constant fear.
  20. macrumors regular

    Feb 28, 2003
    My RSS reader...

    I have set Chess to be my RSS feed reader.

    I think that should fix it.
  21. macrumors 6502a

    Aug 30, 2006
    Straight from Brian Mastenbrook's website:

    So those who don't use RSS apps can just link up to and be okay for now.
  22. macrumors 6502

    Jul 24, 2004
    So how do you know that what you do use isn't just as vulnerable, hmmmm?
  23. macrumors 604


    Aug 28, 2007
    San Francisco California, USA
    Has Safari 4.0 addressed this issue? I've already defaulted RSS to FF, though I've never used RSS...
  24. macrumors 604


    May 28, 2005
    Dude, I'm using IE8 right now, and aside from some minor bugs, it's really nice. I don't see how you can complain about something that's not even out of beta yet!

    You're also forgetting that when IE6 came out, it was a really good browser. There were no CSS issues because there were no browser wars- IE6 was the internet.

    Don't forget about IE for mac. That was one of the BEST browsers out there, for quite some time.
  25. macrumors 6502a


    Dec 17, 2007
    Damn. The only reason I use safari over firefox is because of the RSS reader!

    This programmer guy could have waited to make the news public:rolleyes:
    Now hackers will know about it!

Share This Page