Apple's Safari web browser for both the Mac and Windows suffers from a serious vulnerability that can expose emails, passwords and other sensitive contents of a user's hard drive, a researcher has warned. Those using Mac OS X 10.5, aka Leopard, are susceptible to the data-snooping bug even if they use Firefox or another …
So Apple is pulling the MS trick...
...of so tightly integrating it's own web browser into the OS that it can not readily be disabled?
Seems like it is Lynx inside a sandboxed command line FTW.....
Apple software has no vulnerabilities, the flaw must be our thinking. Perhaps it's a "design choice"?
Ha ha ha ha ha ha
Man I am laughing my arse off at all those complacent and smug mac retards thinking themselves safe from this kinda blight which is more commonly associated with windows.
So I say again.....Ha ha ha ha ha ha ha, Ha ha ha ha ha ha ha, Ha ha ha ha ha ha ha Ha ha ha ha ha ha ha Ha ha ha ha ha ha ha, Ha ha ha ha ha ha ha ....
ps: I do own a Mac, I'm just not smug about it.
I use Firefox on Windows (sorry but WINE is not good enough for games!), and I can't remember a time when there's been a security hole in it which wasn't plugged before I heard about it.
How dare you point out errors in The One True Way!
you will be burned at the stake, bound with iPod earphones and have an iphone shoved into every orifice.
May the Blessings of the White One of the Sacred Black Polarneck be with you my son (as we burn your arse) - it is, after all, for your own good.
Would this stop Apple from trying to ram it down your throat?
There is no more irritating thing than getting all the extra crud enabled by default when there is an iTunes update. For the times that I use Windows I use Firefox or maybe Chrome, which is a choice *I* make. Every single time iTunes announces an update it includes crap like Safari (now again proven to be unsafe on Windows), some Mobile whatsit which I don't want either (they're getting enough money from my phone calls already) and Quicktimes which also has limited value.
Oh, and that's without mentioning that Apple Update is a program that installed itself without my knowledge to start with. I think uninstalling that would be a good start - I hate this whole collection of software running in the background whose sole task it is to interrupt me working when someone decides to bring an update.
Nobody appears to have heard of asking the USER like "preferred day to annoy the crap out of you with updates" and "a button "I will switch off later" in addition to "Reboot now/Reboot later" which keeps popping up the moment you have made the mistake of allowing Windows update to do anything.). If I ever get to present to executives of that industry I will make sure they can't leave the room and then bombard them for the next 15 minutes with as much useless data as I can get away with. Or barge into board meetings and announce an update of the fire alarm system - right there and then. Critical, but totally irrelevant.
<strike>For the time being, </strike>it's probably a good idea for Windows users with Safari installed to leave it closed
The workaround in the article is no longer sufficient
There's a revised workaround at the blog page (more complex, unfortunately)
Workaround is not correct
On his site (in the linked blog entry) he says that the workaround of deselecting Safari as the RSS reader is not sufficient.
As you say, it's light on details, but seems to be related to RSS only.
I am sure the Mactards will spin this... You wait and see.
"For the time being, it's probably a good idea for Windows users with Safari installed to leave it closed and use a different browser."
What a load of a cobblers. Using IE instead is like jumping from the luke warm frying pan into the burning fires of hell.
It just works....
..well, maybe, if it's fully patched and you remember to turn off all the functionality.
It just works...
As our data snooping overlords designed it...
I'm a mac!
And I dont get this kind of shi... .oh... err.... Here have some data.
from a Windows user.
What's the IT angle since this involves Macs ?
One exploit in Safari, that requires the user to visit a phishing site to work
& how many exploits in Internet Explorer?
"Oh, and that's without mentioning that Apple Update is a program that installed itself without my knowledge to start with. "
Are you sure about that?
I've just had to install Quicktime onto a couple of PCs in order to use a HD Video Camera.
In the Install window there is a checkbox to install (or not) the auto-update facility.
Because that never happens of course. Especially to not to smug Apple fanbois :P
Where does it say to use IE? That's the beauty of IT... you can choose which browser to use!
Apart from Netscape. Dear, dear, sorely missed Netscape. Your sweet life was cut short far too early.
**Nobody appears to have heard of asking the USER like "preferred day to annoy the crap out of you with updates"**
Umm they have. Try AptGet. It informs me when updates are available by changing a number from zero to a number saying how many updates are available. This does not annoy the crap out of me. It is then my choice as to when I download the updates, if at all.
I've also never had to restart my computer after updating, although some updates to running processes do ask for them to be restarted.
What, AptGet not available for Windows/Mac? Try a user friendly operating system, like, err, Linux.
How bad can it be?
Does anyone use Safari as an RSS reader anyway? It's awful for that.
@R Callan - no apt, but there's a Gentoo-alike ports system for Mac that fills the same purpose. No idea about Windows though.
@R Callan RE: apt-get
"Umm they have. Try AptGet. It informs me when updates are available by changing a number from zero to a number saying how many updates are available. This does not annoy the crap out of me. It is then my choice as to when I download the updates, if at all.
I've also never had to restart my computer after updating, although some updates to running processes do ask for them to be restarted."
To be fair, a couple of times per year, the kernel updates do indeed require a reboot. Mind you, like you said, you can choose not to take them, if you really want. One of the factors that drove me to Linux, we the endless updates from MS, that always required a reboot (not very handy on a media server! ;) ). I liked it so much, I moved wholesale and didn't look back :)
Now, I can't really remember what the boot process, or logon screen looks like...
Obviously, there are pros and cons to the Windows vs Linux-repo update model, but on balance, I far prefer the Linux one. I guess, the model would matter less if you didn't have to reboot for every update in Windowsland, but I still can't bear the Windows model, where you have umpteen process running, all trying to keep "their" app, up to date.