“Computer scientist Brian Mastenbrook has discovered a fairly serious bug in Safari’s RSS feed handling that can allow a maliciously-crafted web page to access personal information without any knowledge or intervention of the user,” Chris Foresman reports for Ars Technica.
“This vulnerability affects any Mac OS X user that has Safari set as the default feed reader in Safari’s RSS preferences,” Foresman reports.
“The workarounds are fairly simple and straightforward. Mac users need to fire up Safari and go to Safari > Preferences > RSS, and set the default reader to anything other than Safari, even Mail. Windows users can simply use a different browser, though that doesn’t bode well for Safari’s adoption on Windows. Hopefully Apple will release a fix soon,” Foresman reports.
MacDailyNews Note: In Mac OS X Leopard, you can subscribe to an RSS feed in Mail and you’ll know the moment an article hits. You can even choose to have new articles appear in your inbox alongside your latest email messages. Sorting your news is easy, too. Use Smart Mailboxes to organize incoming news articles according to search terms of interest. Mail shares its unread RSS feed count with Safari, so your reading list always stays in sync.
[Thanks to MacDailyNews Reader “Lurker_PC” for the heads up.]