A serious security flaw has been found in Safari’s RSS reader. The vulnerability could allow a malicious website to gain access to sensitive user data, and affects both Mac and Windows versions of the browser.
“Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. This can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites. The vulnerability has been acknowledged by Apple” said discoverer Brian Mastenbrook.
A time frame for a fix is still unknown.