Safari AutoFill Exploit Raises Privacy Concerns

Earlier in the week, Jeremiah Grossman of WhiteHat Security reported a major security vulnerability in Safari. This vulnerability stems from the “AutoFill web forms” function, which is enabled by default in the browser’s preferences.

Ordinarily, this feature is intended to save users time by auto-completing forms using data from the Address Book. Grossman reports that a malicious website could theoretically pull data from a user’s address book card, capture it, and invisibly send it to an attacker. The privacy breach would happen without the user’s knowledge, and would not require him/her to input any text or follow any links. By merely visiting a malicious page, users could put their privacy at risk.

This AutoFill exploit can capture the user’s name, city, state, country, company, and email address. However, it cannot be used to capture numeric data such as phone numbers or street addresses. Regardless of the information at risk, any unsolicited attempt to obtain a user’s private information is something to be wary of.

Grossman has posted a safe proof of concept website here which indicates whether or not you are at risk. Thankfully, the temporary fix is an easy one. Simply visit: Safari > Preferences > AutoFill, and uncheck the box labeled “Using info from my Address Book card.” Grossman has submitted this vulnerability to Apple, and hopefully a fix will be provided in the next Security Update or the next revision of Safari.

Similar Posts

  • Happy Birthday, Leopard! Part 2

    As Appletell says, “No matter how good Apple Mac OS X Leopard is, there will always be features that people dislike, and want…

  • iPod touch Gets an Update

    Today, Apple announced an update to their iPod touch. Nothing too major — those announcements are usually saved for their Keynote presentations —…

  • One Grant Grants 3GS*

    In a press release this morning, AT&T announced plans to reduce the subsidized price of the 8GB iPhone 3GS from $99 to $49….

  • MagSafe Power Adapter Exchange Program

    Some owners of MacBooks and MacBook Pros have had a problem with fraying insulation on the magnetic end of their MagSafe power adapters….

  • Apple Introduces 17" MacBook Pro!

    Apple, as expected, revealed the new 17-inch MacBook Pro featuring the Intel Core Duo processor and an all new system architecture that delivers…

  • iOS 7's Education Advantage

    iOS 7 embraces the environment of education with many new features to help deploy devices in schools. In the past, iOS has done…