Many RSS readers, news aggregators, or pod-catchers automatically download the information contained in the enclosure field regardless of its file type or source.
An infected feed can include scripts that install malicious software that perform additional executions of pretty much any kind, or they can just steal cookies, for example.
Basically, these exploits are normally read and executed within HTML entities of the RSS feed. The harmful scripts are executed after they arrive on your computer and are read. There’s no way of knowing if you’re reading an infected RSS feed, not right away at least. But still, you won’t know if the RSS feed caused your problem, or not.
Some developers of RSS Aggregators nowadays become more aware of the problem concerning security and have their own solutions, which can improve computer's protection. They have different approaches to it.
FeedDemon uses an editable safelist of file types as well as allowing users to monitor what files are automatically downloaded. FeedDemon also contains hard-coded warnings related to specific file types.
Developers of ByteScout took a different approach to the handling of enclosure files, ByteScout does not automatically download anything without user intervention for each download.
