Safari flaw threat to local files
There's been an interesting warning about a security vulnerability in Safari.
It seems that a maliciously formed link can be used to read files stored on a computer that has Safari set as its default RSS reader.
You can read Brian Mastenbrook's warning here.
Some people are asserting that there's nothing to worry about, as there's a big difference between finding a flaw and developing a working exploit.
I'm taking this warning more seriously than that.
The reason is that Mastenbrook didn't give a vague warning of 'possible code execution'; he stated specifically that "Apple's Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user's hard drive without user intervention."
Others seem to think that because they don't use RSS feeds they are safe.
Not so, according to Mastenbrook: "All users of Mac OS X 10.5 Leopard who have not performed the workaround steps listed below are affected, regardless of whether they use any RSS feeds. Users of previous versions of Mac OS X are not affected."
Since Safari is the default RSS handler for Mac OS X, it seems sensible to employ his workaround - you'll find the instructions here (this is the same link as in the third paragraph).
Once you've done that, sit back and wait for Apple to release a patch.
I hope they don't take too long, as I subscribe to a lot of RSS feeds and I find reading them in Mail rather than Safari is irritating.
One of Australia's most experienced IT writers, Stephen Withers has been using and writing about Macs since 1984. His journalistic resume includes stints as editor of Australian MacUser and as Macintosh section editor of PC Week. He has also managed a PC and Mac support operation at one of the country's leading universities, and is active in the Mac user group community.