back to article Researcher warns of data-snooping bug in Apple's Safari

Apple's Safari web browser for both the Mac and Windows suffers from a serious vulnerability that can expose emails, passwords and other sensitive contents of a user's hard drive, a researcher has warned. Those using Mac OS X 10.5, aka Leopard, are susceptible to the data-snooping bug even if they use Firefox or another …

COMMENTS

This topic is closed for new posts.
  1. Dave Morris

    So Apple is pulling the MS trick...

    ...of so tightly integrating it's own web browser into the OS that it can not readily be disabled?

    Seems like it is Lynx inside a sandboxed command line FTW.....

  2. Scott
    Jobs Halo

    Blasphemy

    Apple software has no vulnerabilities, the flaw must be our thinking. Perhaps it's a "design choice"?

  3. Anonymous Hero
    Jobs Horns

    Ha ha ha ha ha ha

    Man I am laughing my arse off at all those complacent and smug mac retards thinking themselves safe from this kinda blight which is more commonly associated with windows.

    So I say again.....Ha ha ha ha ha ha ha, Ha ha ha ha ha ha ha, Ha ha ha ha ha ha ha Ha ha ha ha ha ha ha Ha ha ha ha ha ha ha, Ha ha ha ha ha ha ha ....

    ps: I do own a Mac, I'm just not smug about it.

  4. Adam
    Gates Horns

    Firefox FTW!

    I use Firefox on Windows (sorry but WINE is not good enough for games!), and I can't remember a time when there's been a security hole in it which wasn't plugged before I heard about it.

    Nuff said.

  5. Anonymous Coward
    Joke

    HERETIC!

    How dare you point out errors in The One True Way!

    you will be burned at the stake, bound with iPod earphones and have an iphone shoved into every orifice.

    May the Blessings of the White One of the Sacred Black Polarneck be with you my son (as we burn your arse) - it is, after all, for your own good.

  6. This post has been deleted by its author

  7. Anonymous Coward
    Jobs Horns

    Windows?

    <strike>For the time being, </strike>it's probably a good idea for Windows users with Safari installed to leave it closed

  8. Martin Maisey
    Alert

    The workaround in the article is no longer sufficient

    There's a revised workaround at the blog page (more complex, unfortunately)

  9. Martin
    Thumb Down

    Workaround is not correct

    On his site (in the linked blog entry) he says that the workaround of deselecting Safari as the RSS reader is not sufficient.

    As you say, it's light on details, but seems to be related to RSS only.

  10. Anonymous Coward
    Jobs Horns

    Spin

    I am sure the Mactards will spin this... You wait and see.

  11. Alexis Vallance
    Flame

    Rubbish

    "For the time being, it's probably a good idea for Windows users with Safari installed to leave it closed and use a different browser."

    What a load of a cobblers. Using IE instead is like jumping from the luke warm frying pan into the burning fires of hell.

  12. Mick F
    Jobs Horns

    It just works....

    ..well, maybe, if it's fully patched and you remember to turn off all the functionality.

  13. Anonymous Coward
    Black Helicopters

    It just works...

    As our data snooping overlords designed it...

  14. Daniel Bennett
    Thumb Up

    I'm a mac!

    And I dont get this kind of shi... .oh... err.... Here have some data.

  15. Anonymous Coward
    IT Angle

    Ha ha

    from a Windows user.

    What's the IT angle since this involves Macs ?

  16. N

    Big deal

    One exploit in Safari, that requires the user to visit a phishing site to work

    & how many exploits in Internet Explorer?

  17. Ivan Headache

    @Peter

    "Oh, and that's without mentioning that Apple Update is a program that installed itself without my knowledge to start with. "

    Are you sure about that?

    I've just had to install Quicktime onto a couple of PCs in order to use a HD Video Camera.

    In the Install window there is a checkbox to install (or not) the auto-update facility.

  18. Gaz

    @Big deal

    Because that never happens of course. Especially to not to smug Apple fanbois :P

  19. Big Bear
    Stop

    @Alexis Vallance

    Where does it say to use IE? That's the beauty of IT... you can choose which browser to use!

    Apart from Netscape. Dear, dear, sorely missed Netscape. Your sweet life was cut short far too early.

  20. R Callan
    Linux

    @Peter

    **Nobody appears to have heard of asking the USER like "preferred day to annoy the crap out of you with updates"**

    Umm they have. Try AptGet. It informs me when updates are available by changing a number from zero to a number saying how many updates are available. This does not annoy the crap out of me. It is then my choice as to when I download the updates, if at all.

    I've also never had to restart my computer after updating, although some updates to running processes do ask for them to be restarted.

    What, AptGet not available for Windows/Mac? Try a user friendly operating system, like, err, Linux.

  21. Paul Nolan
    Happy

    How bad can it be?

    Does anyone use Safari as an RSS reader anyway? It's awful for that.

    @R Callan - no apt, but there's a Gentoo-alike ports system for Mac that fills the same purpose. No idea about Windows though.

  22. Matthew Collier
    Thumb Up

    @R Callan RE: apt-get

    "Umm they have. Try AptGet. It informs me when updates are available by changing a number from zero to a number saying how many updates are available. This does not annoy the crap out of me. It is then my choice as to when I download the updates, if at all.

    I've also never had to restart my computer after updating, although some updates to running processes do ask for them to be restarted."

    To be fair, a couple of times per year, the kernel updates do indeed require a reboot. Mind you, like you said, you can choose not to take them, if you really want. One of the factors that drove me to Linux, we the endless updates from MS, that always required a reboot (not very handy on a media server! ;) ). I liked it so much, I moved wholesale and didn't look back :)

    Now, I can't really remember what the boot process, or logon screen looks like...

    Obviously, there are pros and cons to the Windows vs Linux-repo update model, but on balance, I far prefer the Linux one. I guess, the model would matter less if you didn't have to reboot for every update in Windowsland, but I still can't bear the Windows model, where you have umpteen process running, all trying to keep "their" app, up to date.

This topic is closed for new posts.