nsane.forums Posted July 22, 2010 Share Posted July 22, 2010 A Safari vulnerability released today could easily steal your address book contacts through the autofill feature. Blogger Jeremiah Grossman notified Apple privately one month ago, about a vulnerability in Safari's autofill feature that can steal your contacts names, where they work, live and even their email address. The JavaScript powered code scans through your autofill information and takes your available information without any user interaction or prompts. Grossman posted a proof-of-concept code website that scans through your name, company, city, state, country and email, displaying all the information for you. Although the code might seem harmless, the possibilities of the code could be hidden on a website, through an advertisement on another website, or through another means, stealing your information without you even knowing it. There is one flaw in the code however, it can't scan through numbers, meaning your phone number is safe. Users should note that this only works on Safari 4.x and 5.0 and uses information taken from your Address Book located on your Mac, something users are required to fill out when they boot their machine for the first time. The code has some problems taking information from Safari's autofill feature running on Windows, but can still manage to obtain some of your information. The good news? The vulnerability is easily blocked, simply by disabling Autofill under Preferences. Users should disable this autofill feature until Apple properly addresses and fixes the problem. View: Original Article Link to comment Share on other sites More sharing options...
Night Owl Posted July 22, 2010 Share Posted July 22, 2010 Oh great, I just started using Safari 5 a lot since Sunday.Funny that this article says the vulnerability 'uses information taken from your Address Book located on your Mac' but then shows a Windows screenshot. :lol: Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted July 23, 2010 Administrator Share Posted July 23, 2010 LOL. I missed that one.But let me tell you, Safari 5 is far from being secure like any other browsers if you go by the number of security problems recently. Link to comment Share on other sites More sharing options...
Bizarre™ Posted July 23, 2010 Share Posted July 23, 2010 You can never be secure as long as you're connected to the web ^_^ Link to comment Share on other sites More sharing options...
Night Owl Posted July 28, 2010 Share Posted July 28, 2010 Safari 5.0.1 and 4.1.1 have been released to fix this issue.Source Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.