Independent security researcher Brian Masterbrook says an unpatched flaw in Apple’s Safari browser could leave Mac OS X and Windows users open to attack from hackers who could take over their computers.


In his blog, Masterbrook explains that the vulnerability is associated with the way Safari handles RSS feeds. However, he stresses that users need not be using RSS to be open to hacker intrusions.

“Users of Firefox, Camino, and Opera on Mac OS X are substantially better protected against exploitation by a malicious web page than users of Safari or OmniWeb. If users of these browsers are asked to open a link in Safari, they should not allow the request and close the page which triggered the request immediately. All users of Mac OS X may still be affected by clicking on a malicious link from their email client, instant messaging program, or another application, and should perform the workaround steps given below. … Users of Safari on Windows are also affected. Users who have Safari for Windows installed but do not use it for browsing are not affected.”

Masterbrook says Apple is aware of the flaw but has not yet issued an update to address it. He has, however, posted a workaround on his blog which should protect Safari users until Apple issues an official patch.
