Safari AutoFill Hack Can Give Up Personal Info

Security researchers have discovered that a convenient Safari feature can automatically give up a user’s personal information to a Website.

As reported by InformationWeek, WhiteHat Security founder and CTO Jeremiah Grossman described on his blog how a malicious hacker could take advantage of Safari’s AutoFill feature. Basically, a maliciously crafted Web form can cycle through letters and numbers in each text entry field until it triggers Safari’s auto-fill functionality. The form can then be automatically submitted to the hacker so the information can be sold to spammers and otherwise exploited.

Grossman blames a flaw in WebKit, the open-source engine that powers Safari on both the Mac and iOS devices, as well as Google’s Chrome browser and other mobile devices. Fortunately, there’s an easy way to defend against the malicious exploitation of Safari’s AutoFill feature. You can simply disable the “Using info from my Address Book” option in the AutoFill preferences pane.
