Mac OS X security bug and NetNewsWire

Recently a security bug was reported in Safari. Clicking on certain URLs could cause a script to run on your machine.

Sylvain Carle alerted us to the fact that this security bug is not really a Safari bug; it’s a bug in WebKit.

WebKit is Safari’s rendering system, provided by Apple as part of OS X, which other applications use too—including NetNewsWire.

NetNewsWire uses WebKit to display feed descriptions, so NetNewsWire (and other WebKit-using applications) may be vulnerable to this bug.

We certainly expect that Apple will fix the bug with a security update, and that should solve the problem. In the meantime we’re looking at the possibility of fixing it just for NetNewsWire, in case Apple doesn’t come through with a fix.

For reference: here’s the report on the bug, and here’s a CNET article about it, which states that Apple is aware of the issue.

If you have any questions, please feel free to email Brent Simmons at brent@ranchero.com.

Update 4:00 p.m.: it turns out it’s not just a WebKit bug. It can affect other browsers and applications that display HTML but don’t use WebKit.

19 May 2004

© 1995-2014 Ranchero Software, LLC