Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New info disclosure vuln in Safari reported

Published: 2009-01-13
Last Updated: 2009-01-13 23:07:45 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

Ismael Valenzuela pointed us at Brian Mastenbrook's blog where he has published a new information disclosure vulnerability in Safari. The vuln potentially allows a malicious website to read files on the local system.

The vulnerability applies to

  • anyone running OS.X 10.5 who have left the system default setting for the RSS feed reader. Which browser you use is irrelevant.
  • Windows users of Safari

According to Brian, Apple hasn't responded to this yet though he claims to have contacted them.

Keywords:
0 comment(s)
Diary Archives