Jump to content

Safari vulnerability could steal your data


nsane.forums

Recommended Posts

nsane.forums

A Safari vulnerability released today could easily steal your address book contacts through the autofill feature.

Blogger Jeremiah Grossman notified Apple privately one month ago, about a vulnerability in Safari's autofill feature that can steal your contacts names, where they work, live and even their email address.

The JavaScript powered code scans through your autofill information and takes your available information without any user interaction or prompts. Grossman posted a proof-of-concept code website that scans through your name, company, city, state, country and email, displaying all the information for you.

Although the code might seem harmless, the possibilities of the code could be hidden on a website, through an advertisement on another website, or through another means, stealing your information without you even knowing it. There is one flaw in the code however, it can't scan through numbers, meaning your phone number is safe.

Users should note that this only works on Safari 4.x and 5.0 and uses information taken from your Address Book located on your Mac, something users are required to fill out when they boot their machine for the first time. The code has some problems taking information from Safari's autofill feature running on Windows, but can still manage to obtain some of your information.

The good news? The vulnerability is easily blocked, simply by disabling Autofill under Preferences. Users should disable this autofill feature until Apple properly addresses and fixes the problem.

image-239A_4C48CACF.jpg

view.gif View: Original Article

Link to comment
Share on other sites


  • Replies 4
  • Views 841
  • Created
  • Last Reply

Oh great, I just started using Safari 5 a lot since Sunday.

Funny that this article says the vulnerability 'uses information taken from your Address Book located on your Mac' but then shows a Windows screenshot. :lol:

Link to comment
Share on other sites


  • Administrator

LOL. I missed that one.

But let me tell you, Safari 5 is far from being secure like any other browsers if you go by the number of security problems recently.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...