Free Republic
Browse · Search
General/Chat
Topics · Post Article

Disclosure of information vulnerability in Safari - Mac OSX.5 Leopard and Windows only

Posted on 01/15/2009 1:39:43 AM PST by Swordmaker

Disclosure of information vulnerability in Safari

Posted on Sun, 11 Jan 2009
Last edited Wed, 14 Jan 2009
Note: The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs. The workaround section of this post has been updated with additional information. I regret that what initially appeared to be a simple workaround is now substantially more complicated and requires the installation of third-party software to perform.

I have discovered that Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites. The vulnerability has been acknowledged by Apple.

All users of Mac OS X 10.5 Leopard who have not performed the workaround steps listed below are affected, regardless of whether they use any RSS feeds. Users of previous versions of Mac OS X are not affected.

Users of Firefox, Camino, and Opera on Mac OS X are substantially better protected against exploitation by a malicious web page than users of Safari or OmniWeb. If users of these browsers are asked to open a link in Safari, they should not allow the request and close the page which triggered the request immediately. All users of Mac OS X may still be affected by clicking on a malicious link from their email client, instant messaging program, or another application, and should perform the workaround steps given below.

Users of Safari on Windows are also affected. Users who have Safari for Windows installed but do not use it for browsing are not affected.

The details of this vulnerability have not been made public to the best of my knowledge, but secrecy is no guarantee against a sufficiently motivated attacker.

To work around this issue until a fix is released by Apple, users should perform the following steps:

  1. Download and install the RCDefaultApp preference pane, following the included instructions.
  2. Open System Preferences and choose the Default Applications option.
  3. Select the "URLs" tab in the window that appears.
  4. Choose the "feed" URL type from the column on the left, and choose a different application or the "<disabled>" option.
  5. Repeat the previous step for the "feeds" and "feedsearch" URL types.

The only workaround available for users of Safari on Windows is to use a different web browser.

Apple has not made information available on when a fix for this issue will be released. Users with questions or concerns should contact Apple as I have no additional information about this vulnerability which can be shared at this time.

For the curious, security issues in Mac OS X which I previously reported to Apple were fixed in Security Updates 2008-001, 2008-002, 2008-003, and 2008-004.



TOPICS: Computers/Internet

1 posted on 01/15/2009 1:39:43 AM PST by Swordmaker
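
A way to verify the workaround steps in the post above, shown as an added example that is not part of the original post or of RCDefaultApp. It assumes the per-user Launch Services preferences file (`~/Library/Preferences/com.apple.LaunchServices.plist` on Leopard) stores URL-scheme overrides in an `LSHandlers` array, and that a scheme with no override still resolves to Safari; the sample data and `org.example.reader` are constructed.

```python
import plistlib

# URL schemes named in the workaround steps above.
FEED_SCHEMES = ("feed", "feeds", "feedsearch")
SAFARI_BUNDLE_ID = "com.apple.safari"  # compared case-insensitively


def audit_feed_handlers(plist_bytes):
    """Map each feed scheme to its handler bundle ID (None if no entry)."""
    prefs = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    found = dict.fromkeys(FEED_SCHEMES)
    for entry in prefs.get("LSHandlers", []):
        scheme = str(entry.get("LSHandlerURLScheme", "")).lower()
        if scheme in found:
            # LSHandlerRoleAll holds the bundle ID chosen for every role.
            found[scheme] = entry.get("LSHandlerRoleAll")
    return found


def schemes_still_on_safari(plist_bytes):
    """Return the feed schemes that have no override or still name Safari.

    Assumption: a scheme without an LSHandlers entry falls back to the
    system default handler, taken here to be Safari.
    """
    handlers = audit_feed_handlers(plist_bytes)
    return sorted(
        s for s, h in handlers.items()
        if h is None or h.lower() == SAFARI_BUNDLE_ID
    )


# Constructed sample: only "feed" was reassigned, "feeds" still points at
# Safari and "feedsearch" has no entry at all (the partial state the
# post's note warns about).
SAMPLE = plistlib.dumps({"LSHandlers": [
    {"LSHandlerURLScheme": "feed", "LSHandlerRoleAll": "org.example.reader"},
    {"LSHandlerURLScheme": "feeds", "LSHandlerRoleAll": "com.apple.Safari"},
    {"LSHandlerURLScheme": "http", "LSHandlerRoleAll": "org.mozilla.firefox"},
]})

if __name__ == "__main__":
    print(schemes_still_on_safari(SAMPLE))
```

An empty list means all three schemes have been moved off Safari; any scheme returned still needs step 4 or 5 applied.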

To: 1234; 50mm; 6SJ7; Abundy; Action-America; acoulterfan; aristotleman; af_vet_rr; Aggie Mama; ...
Mac OS X.5 Leopard and Windows Safari RSS security issue—PING!

This has not been vetted for legitimacy, but Brian Mastenbrook does have a background in finding vulnerabilities. However, I suspect this is a buffer overflow type issue. If the RSS feeds use the regular data stack area, then there is little damage a buffer overflow could do because on Macs the data stack is non-executable. Any malicious command embedded in the overflow could not execute. Also, the command locations, say for the system command to load or open a file, are randomized so that any such command to jump to a system call would land purely randomly and be unlikely to hit on anything damaging.

Windows Safari users might be more at risk.


Apple Safari Ping!

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 01/15/2009 1:50:39 AM PST by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE!")

To: Swordmaker
The only workaround available for users of Safari on Windows is to use a different web browser.
Love it !
3 posted on 01/15/2009 1:52:24 AM PST by ComputerGuy (not my real name)

To: Swordmaker

I really like Firefox on my MacBook Pro


4 posted on 01/15/2009 6:22:57 AM PST by Tribune7 (Obama wants to put the same crowd that ran Fannie Mae in charge of health care)

To: Tribune7
I am using Camino but have Firefox and Safari available also...
5 posted on 01/15/2009 7:02:31 AM PST by tubebender ( If swimming is good for your figure, explain whales to me.)

To: tubebender
I've never tried Camino. I'm not a big Safari fan. I use it on my G4 Quicksilver because FF seems a little slow on it.

Safari is better than IE but that's about it.

6 posted on 01/15/2009 7:11:52 AM PST by Tribune7 (Obama wants to put the same crowd that ran Fannie Mae in charge of health care)

To: Tribune7

I’ve used Camino.

It’s a slimmed down, faster version of Firefox, specialized for the Mac. It’s released by the Mozilla Foundation, just like FF.


7 posted on 01/15/2009 6:27:39 PM PST by jimtorr

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
