« Oracle Releases Critical Patch Update With 41 Fixes | Main | Site Migration To New Hoster »

Safari RSS Reader Vulnerability

In 2006 I gave a talk at blackhat on the risks of RSS vulnerabilities. It appears Safari has a flaw in its RSS reader as outlined by Brian Mastenbrook.

"The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs. The workaround section of this post has been updated with additional information. I regret that what initially appeared to be a simple workaround is now substantially more complicated and requires the installation of third-party software to perform.

I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

All users of Mac OS X 10.5 Leopard who have not performed the workaround steps listed below are affected, regardless of whether they use any RSS feeds. Users of previous versions of Mac OS X are not affected."

Read More: http://brian.mastenbrook.net/display/27
RSS Security Whitepaper: http://www.cgisecurity.com/papers/HackingFeeds.pdf
Blackhat Slides: http://www.cgisecurity.com/papers/RSS-Security.ppt


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!