Security Vulnerability Found in Safari RSS

Discussion in 'MacRumors.com News Discussion' started by Habakuk, Jan 13, 2009.

  1. macrumors 6502a

    Joined:
    Jul 10, 2007
    Location:
    Vienna Austria Europe
  2. macrumors P6

    Tallest Skil

    Joined:
    Aug 13, 2006
    Location:
    1 Geostationary Tower Plaza
    #2
    Here's my opinion: We'll be getting a Safari update soon! Yay!
     
  3. Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Missouri
    #3
    Good thing I don't use Safari to handle my RSS feeds.
     
  4. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #4
    Security Vulnerability Found in Safari RSS


    Open source programmer Brian Mastenbrook has discovered a security flaw in the way that Safari handles RSS feeds. The vulnerability, which affects both Mac and Windows versions of Safari, could allow a malicious website to gain access to sensitive user data.

    Mastenbrook reports that all OS X 10.5 Leopard users, regardless of whether they use Safari or RSS feeds, should protect themselves by choosing an application other than Safari for reading RSS feeds, an option available in the "RSS" tab of Safari's Preferences. Safari for Windows users should utilize a different browser until Apple issues a patch. Mastenbrook, who has received credit from Apple for reporting a number of security issues over the past year, says that Apple has not given a timeframe for a fix.

     
  5. macrumors 68000

    Joined:
    Jun 20, 2007
    #5
    The temp fix is very easy. Everyone should do so now:


     
  6. macrumors 6502a

    chainprayer

    Joined:
    Feb 10, 2008
    #6
    Scary. It's amazing what people can do today. Everything was so simple before the internet :p
     
  7. macrumors 6502a

    Jayomat

    Joined:
    Jan 10, 2009
    #7
    I hope people start realizing that Safari isn't, as Apple puts it, "the world's best browser".......
     
  8. macrumors 68000

    pimentoLoaf

    Joined:
    Dec 30, 2001
    Location:
    The SimCity Deli
  9. macrumors 6502

    Joined:
    Oct 24, 2003
    #9
    If this doesn't affect Mail, you can switch to that as your RSS reader. I've been using Mail as my RSS reader since Leopard came out. Works better than Safari did.
     
  10. macrumors 68030

    Drumjim85

    Joined:
    Oct 7, 2007
    Location:
    DFW, TX
    #10
    google?
     
  11. macrumors 68000

    Joined:
    Jul 14, 2008
    #11
    Firefox. Live bookmarks!
     
  12. macrumors regular

    Joined:
    Nov 30, 2007
    #12
    They say switch to an alternative RSS reader, but surely if you stick to reputable feeds this won't be an issue?

    Should be interesting to see how long it takes Apple to release a patch anyhow.
     
  13. macrumors 601

    andiwm2003

    Joined:
    Mar 29, 2004
    Location:
    Boston, MA
    #13
    That's bad for Mac users. Windows users are used to such things anyway. :p

    I hope Apple fixes that soon. I'm actually surprised that OS X allows that to happen. I guess lots of other apps have similar gaps.
     
  14. macrumors 6502a

    Joined:
    Jan 2, 2009
    #14
    Why not? No browser is immune to vulnerabilities.
     
  15. macrumors regular

    Joined:
    Mar 21, 2008
    #15
    It depends on how you use RSS feeds. If you read them like email, where each post deserves your attention, use Mail. If you use them just to see what's the latest on a particular website, Firefox live bookmarks are nice.

    I use NetNewsWire just so I have syncing between my Mac and my iPhone.

    First though I would see what programs are already in your Dock and check on their RSS options - if you already have Firefox, Safari, Mail, Thunderbird, or any other browser or mail program running, use those. No use in running another always-on program if you don't need to.

    Like another poster said, if you are only getting RSS feeds from reputable sites (and no comments feeds - those could be bad), Safari should be fine.
     
  16. macrumors 68000

    NATO

    Joined:
    Feb 14, 2005
    Location:
    Northern Ireland
    #16
    Does this mean you'd have to subscribe to an 'infected' RSS feed in order to be vulnerable? ie, would you be okay to continue using Safari for RSS if you're only using reputable feeds, eg. MacRumors?

    Edit - Whoops, skimmed through the posts and managed to miss the one that actually seemed to answer my question.. doh :p
     
  17. macrumors regular

    Joined:
    Mar 21, 2008
    #17
    I think it's a matter of opinion what the BEST browser is. I think it's safe to say what the world's WORST browsers are, in order:

    1. IE6
    2. IE7
    3. IE8

    So I think the "world's best browser" is ANY browser that isn't IE.

    EDIT: I just realized that most standard cell phone browsers should be in that list too.
     
  18. macrumors 65816

    Joined:
    Sep 21, 2008
    #18
    :D IE mobile (for WinMo) sucks ass. I used to have a Motorola Q and threw that thing as far as I could. :cool:
     
  19. macrumors 6502

    Joined:
    Jul 24, 2004
    #19
    Let's see now. You joined MacRumors just this month and are already trolling away. So why are you here anyway? Are you a Mac user? A Windows fanboy?

    So should we all crawl under our beds in fear now? I, for one, don't plan on doing anything. Notice that the "researchers" always use words like "might", "could", "maybe", "under certain conditions"? Isn't the only thing we have to fear supposed to be fear itself? Chicken Littles are always ready to wring their hands and fret. What a way to live one's life, in constant fear.
     
  20. macrumors regular

    Joined:
    Feb 28, 2003
    Location:
    pittsburgh
    #20
    My RSS reader...

    I have set Chess to be my RSS feed reader.

    I think that should fix it.
     
  21. macrumors 6502a

    Joined:
    Aug 30, 2006
    #21
    Straight from Brian Mastenbrook's website:

    So those who don't use RSS apps can just link up to Mail.app and be okay for now.
     
  22. macrumors 6502

    Joined:
    Jul 24, 2004
    #22
    So how do you know that what you do use isn't just as vulnerable, hmmmm?
     
  23. macrumors 604

    SFStateStudent

    Joined:
    Aug 28, 2007
    Location:
    San Francisco California, USA
    #23
    Has Safari 4.0 addressed this issue? I've already defaulted RSS to FF, though I've never used RSS...
     
  24. macrumors 604

    thejadedmonkey

    Joined:
    May 28, 2005
    Location:
    Pa
    #24
    Dude, I'm using IE8 right now, and aside from some minor bugs, it's really nice. I don't see how you can complain about something that's not even out of beta yet!

    You're also forgetting that when IE6 came out, it was a really good browser. There were no CSS issues because there were no browser wars- IE6 was the internet.

    Don't forget about IE for Mac. That was one of the BEST browsers out there, for quite some time.
     
  25. macrumors 6502a

    JG271

    Joined:
    Dec 17, 2007
    Location:
    UK
    #25
    Damn. The only reason I use Safari over Firefox is because of the RSS reader!

    This programmer guy could have waited to make the news public :rolleyes:
    Now hackers will know about it!
     
