Last Updated: 2009-01-13 23:07:45 UTC
by Toby Kohlenberg (Version: 1)
Ismael Valenzuela pointed us at Brian Mastenbrook's blog where he has published a new information disclosure vulnerability in Safari. The vuln potentially allows a malicious website to read files on the local system.
The vulnerability applies to
- anyone running OS.X 10.5 who have left the system default setting for the RSS feed reader. Which browser you use is irrelevant.
- Windows users of Safari
According to Brian, Apple hasn't responded to this yet though he claims to have contacted them.