MacOS – RSS readers and malware

macos malware rss

I recently had an issue where some RSS feeds were causing my IT department to think my MBP was infected by ransomware and was connecting to a ransomware server.

Ransomware/malware can be 'caught' just by visiting a compromised website, so one would like to think RSS readers (mine is Vienna) block the execution of all code in the pages they load. Is that so? My discussion on Vienna's GitHub page was far less than satisfactory on the matter.

So two things. The first is to bring this issue to people — I had no idea my RSS reader could be a potential source of exposure to malware. RSS readers offer convenience, but apparently I need now to balance that convenience with the potential risks associated with malware. I believe not many people are thinking of this issue and they might benefit from being aware of it.

Two, is there a way of sandboxing an RSS reader (ideally in the most complete way), so that it cannot be a source of malware? Is disabling JavaScript and plugins in the RSS browser enough (not really clear what plugins the internal browser has to start with…)?

Best Answer

I'm sorry you felt the response you got on the Vienna GitHub page wasn't satisfactory. The issue was caused by a compromised web server that was serving you an RSS feed and also performing a normal HTTP request to a ransomware site.

To add an answer to your second item, disabling JS and plugins in the internal browser should be more than enough. Attempting to reach a ransomware site isn't a security issue in itself.

For sandboxing, Vienna was patched in November 2016 (see https://github.com/ViennaRSS/vienna-rss/issues/736) to prevent an XML exploit that allowed a malicious RSS feed to potentially read files outside of the application. We hope to add the macOS native sandboxing in the future; that is an issue that is high on our list of improvements to make to Vienna and hopefully won't be outstanding for too much longer.
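
An added example, not part of the original question or answer and not Vienna's code: a Python audit that lists, per feed item, the active content (scripts, plugin tags, inline event handlers) and the hosts a renderer would contact automatically, which is the behaviour discussed above. The feed, host names and function names are constructed for illustration, and rejecting `DOCTYPE` is a general hardening assumption rather than a description of Vienna's patch.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that execute code or load plugins when an item is rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
# Attributes a renderer fetches on its own, without any click.
AUTO_FETCH_ATTRS = {"src", "data", "poster", "background"}

class ItemAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.active = []    # active-content findings, in document order
        self.hosts = set()  # hosts contacted just by displaying the item

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.append(tag)
        for name, value in attrs:
            if name.startswith("on"):          # inline handler, e.g. onerror
                self.active.append(f"{tag}[{name}]")
            elif name in AUTO_FETCH_ATTRS and value:
                host = urlparse(value).hostname
                if host:
                    self.hosts.add(host)

def audit_feed(feed_xml):
    """Return {item title: (active findings, sorted auto-contacted hosts)}."""
    # Assumption: feeds have no legitimate need for a DTD, so refuse any
    # document that declares one before handing it to the XML parser.
    if "<!DOCTYPE" in feed_xml.upper():
        raise ValueError("feed declares a DOCTYPE; refusing to parse")
    report = {}
    for item in ET.fromstring(feed_xml).iter("item"):
        auditor = ItemAuditor()
        auditor.feed(item.findtext("description", ""))
        report[item.findtext("title", "")] = (auditor.active, sorted(auditor.hosts))
    return report

# Constructed sample feed: one clean item, one with injected content.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed feed</title>
<item><title>Clean post</title>
<description><![CDATA[<p>Hi <a href="https://blog.example/p">link</a></p>]]></description></item>
<item><title>Tampered post</title>
<description><![CDATA[<p>News</p><script src="https://bad.example/x.js"></script>
<img src="http://tracker.example/p.gif" onerror="void 0">]]></description></item>
</channel></rss>"""

if __name__ == "__main__":
    for title, (active, hosts) in audit_feed(SAMPLE_FEED).items():
        print(f"{title}: active={active} auto-contacted hosts={hosts}")
```

An image fetch still reaches the remote host with JavaScript and plugins disabled, which is why a network monitor can flag a connection even though nothing executed.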