Apple Safari may be the fastest web browser in town but for what we know, it still isn't the safest one.

Brian has discovered a vulnerability in Safari that may allow a malicious web site to read files on a user's hard drive without user intervention. This can be used to gain access to sensitive information stored on the user's computer, such as emails, passwords, or cookies that could be used to gain access to the user's accounts on some web sites.

The security hole exists somewhere in the Safari RSS handler and affects versions of Safari on Mac as well as Windows. Apple has acknowledged the vulnerability and shall soon be releasing an update to fix this issue.

Users of Safari on Mac can make use of the following fix.

1. Download and install the RCDefaultApp preference pane, following the included instructions.
2. Open System Preferences and choose the Default Applications option.
3. Select the "URLs" tab in the window that appears.
4. Choose the "feed" URL type from the column on the left, and choose a different application or the "<disabled>" option.
5. Repeat the previous step for the "feeds" and "feedsearch" URL types.

Unfortunately, Safari users on Windows have no option but to use an alternate browser until Apple releases an update.

For maximum security, we recommend our users (who use Safari) to apply this fix as soon as possible.