Threat Center Security News Safari RSS safe from threat
Safari RSS safe from threat Print E-mail
Written by Rebecca Mints   
Thursday, 05 March 2009 00:48
Users of Safari heaved a sigh of relief when Apple released a much-awaited patch last week for the browser’s RSS vulnerability that was discovered mid-January of this year.

 Security update 2009-001 is now available on Apple’s site designed for the following platforms: MacOS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.6 and Mac OS X Server v10.5.6.

The flaw in Safari RSS previously alarmed Apple users as attackers can infiltrate the system through URLs and execute codes on the system.

 A description of the vulnerability released by Apple says that ‘Multiple input validation issues exist in Safari’s handling of feed:URLs. It also noted that ‘the flaw allow execution of arbitrary JavaScript in the local security zone’.

 The update, issued in the last week of February, ensures users better performance from Apple’s Safari browser as developers of the software already improved the handling of embedded JavaScript within feed:URLs.

 A fix for Mac OS X 10.5 and Mac OS X 10.4 for Java has also been released by Apple, which are expected to correct flaws in Java Web Start and Java plug-in.  

Apple commended Clint Ruoho of Laconic Security, Billy Rios of Microsoft and Brian Mastenbrook for reporting the Safari RSS vulnerability.


WTW Threat Level