SecureMac, Inc.

Safari Vulnerability

June 7, 2009

SecureMac Advisory

Posted: June 9th, 2009

Security Risk: Critical

Safari prior to version 4 (released June 8th, 2009) may permit malicious web pages to steal files from the local system when a user simply visits the page, with no further interaction. The vulnerability is present in Safari on both Mac OS X and Windows. The attack works by mounting an XML external entity (XXE) attack against the parsing of the XSL XML.

Chris Evans has documented this vulnerability in an advisory on his website: http://scary.beasts.org/security/CESA-2009-006.html

Safari 4 is now available for download for both Windows and Macintosh systems. Users are advised to upgrade or to use an alternative browser such as Firefox.
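The advisory attributes the file disclosure to an XXE attack on XSL parsing. As an added example (not code from SecureMac or from Chris Evans's advisory), the check below shows how software that accepts stylesheets from untrusted sources can reject any that declare external entities before handing them to an XSLT processor. The function names and sample documents are constructed for illustration.

```python
import xml.parsers.expat as expat

def external_entities(xml_bytes):
    """Return (name, system_id) for each entity declared with an external identifier."""
    found = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones carry a system identifier.
        if system_id is not None:
            found.append((name, system_id))

    parser = expat.ParserCreate()   # expat reports declarations but never fetches them itself
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(xml_bytes, True)
    return found

def is_safe_stylesheet(xml_bytes):
    """Reject stylesheets that declare external entities or fail to parse."""
    try:
        return not external_entities(xml_bytes)
    except expat.ExpatError:
        return False

# Constructed sample inputs (placeholder path, not taken from the advisory).
SUSPECT = b"""<!DOCTYPE xsl:stylesheet [
  <!ENTITY ent SYSTEM "file:///constructed/placeholder.txt">
]>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out/></xsl:template>
</xsl:stylesheet>"""

CLEAN = b"""<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/"><out/></xsl:template>
</xsl:stylesheet>"""

INTERNAL = b'<!DOCTYPE x [ <!ENTITY copy "(c)"> ]><x>&copy;</x>'

if __name__ == "__main__":
    for label, doc in (("suspect", SUSPECT), ("clean", CLEAN), ("internal", INTERNAL)):
        print(label, "safe" if is_safe_stylesheet(doc) else "rejected", external_entities(doc))
```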
