
SANS ISC: InfoSec Handlers Diary Blog



New info disclosure vuln in Safari reported

Published: 2009-01-13
Last Updated: 2009-01-13 23:07:45 UTC
by Toby Kohlenberg (Version: 1)

Ismael Valenzuela pointed us at Brian Mastenbrook's blog where he has published a new information disclosure vulnerability in Safari. The vuln potentially allows a malicious website to read files on the local system.

The vulnerability applies to:

  • anyone running OS X 10.5 who has left the system default setting for the RSS feed reader in place. Which browser you use is irrelevant.
  • Windows users of Safari

According to Brian, Apple hasn't responded to this yet though he claims to have contacted them.
