Security glitch identified in Apple Safari
Allows hackers to secretly access personal information and files on a user’s hard drive
A serious flaw that allows hackers to steal information through the Apple Safari browser has just been identified.
The vulnerability, acknowledged by Apple, was brought to light by open source expert Brian Mastenbrook, who has found other flaws with Apple’s software in the past.
“….Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites,” Mastenbrook writes in his blog post.
Changing the default RSS feed reader application in Safari was thought to solve the problem, but it’s since been revealed that Mac OS X 10.5 Leopard users remain affected.
Earlier versions of Mac OS X are not at risk but PC users of Safari are advised to use a different browser till the issue is fixed.
While Apple has so far not publicly addressed the vulnerability, Mastenbrook has published a list of remedial steps for users in his blog .