SMUG member Terry Bowman (“The Mac Doctor”) has forwarded these two news bursts — one on the recently discovered Safari vulnerability, and the other on Seagate hard drive failures:
Stephen Withers wrote:
A newly revealed vulnerability in Apple’s Safari web browser allows a remote site to read files stored on a Mac or Windows system. According to the discoverer, the vulnerability has been acknowledged by Apple.
“This vulnerability could be exploited by a phishing site in a way that would not cause affected users to suspect their information had been stolen,”
Although Mastenbrook did not disclose details of the vulnerability, it may involve the use of malformed feed: URLs. History suggests that the underlying problem is either a buffer overflow or a format string issue.
The vulnerability is said to affect Safari on Windows as well as Mac OS X 10.5.
Brian Mastenbrook writes:
Note: The original version of this page contained a simple workaround for this issue which I believed would protect users against this problem. I have since discovered (on 13 January 2009) that changing the default RSS feed reader application in Safari does not correctly disassociate Safari from all RSS feed URLs.
He posts a fix on his web article and further notes:
Apple has not made information available on when a fix for this issue will be released. Users with questions or concerns should contact Apple as I have no additional information about this vulnerability which can be shared at this time.
Seagate Failures
As some of you already know, Seagate is having some firmware problems with 7200.11 model drives. Here’s a page of info on the problem, including a list of affected models:
It appears to be a SATA thing.
Thank you Terry …


