Posted on 01/15/2009 1:39:43 AM PST by Swordmaker
I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.
All users of Mac OS X 10.5 Leopard who have not performed the workaround steps listed below are affected, regardless of whether they use any RSS feeds. Users of previous versions of Mac OS X are not affected.
Users of Firefox, Camino, and Opera on Mac OS X are substantially better protected against exploitation by a malicious web page than users of Safari or OmniWeb. If users of these browsers are asked to open a link in Safari, they should not allow the request and close the page which triggered the request immediately. All users of Mac OS X may still be affected by clicking on a malicious link from their email client, instant messaging program, or another application, and should perform the workaround steps given below.
Users of Safari on Windows are also affected. Users who have Safari for Windows installed but do not use it for browsing are not affected.
The details of this vulnerability have not been made public to the best of my knowledge, but secrecy is no guarantee against a sufficiently motivated attacker.
To work around this issue until a fix is released by Apple, users should perform the following steps:
The only workaround available for users of Safari on Windows is to use a different web browser.
Apple has not made information available on when a fix for this issue will be released. Users with questions or concerns should contact Apple as I have no additional information about this vulnerability which can be shared at this time.
For the curious, security issues in Mac OS X which I previously reported to Apple were fixed in Security Updates 2008-001, 2008-002, 2008-003, and 2008-004.
This has not been vetted for legitimacy, but Brian Mastenbrook does have a background in finding vulnerabilities. However, I suspect this is a buffer overflow type issue. If the RSS feeds use the regular data stack area, then there is little damage a buffer overflow could do because on Macs the data stack is non-executable. Any malicious command embedded in the overflow could not execute. Also, the command locations, say for the system command to load or open a file, are randomized so that any such command to jump to a system call would land purely randomly and be unlikely to hit on anything damaging.
Windows Safari users might be more at risk.
If you want on or off the Mac Ping List, Freepmail me.
I really like Firefox on my MacBook Pro
Safari is better than IE but that's about it.
I’ve used Camino.
It’s a slimmed down, faster version of Firefox, specialized for the Mac. It’s released by the Mozilla Foundation, just like FF.