New info disclosure vuln in Safari reported

Published: 2009-01-13
Last Updated: 2009-01-13 23:07:45 UTC
by Toby Kohlenberg (Version: 1)
0 comment(s)

Ismael Valenzuela pointed us at Brian Mastenbrook's blog where he has published a new information disclosure vulnerability in Safari. The vuln potentially allows a malicious website to read files on the local system.

The vulnerability applies to:

  • anyone running OS X 10.5 who has left the system default setting for the RSS feed reader in place. Which browser you use is irrelevant.
  • Windows users of Safari

According to Brian, Apple hasn't responded to this yet, though he claims to have contacted them.
