Safari AutoFill Exploit Raises Privacy Concerns

Earlier in the week, Jeremiah Grossman of WhiteHat Security reported a major security vulnerability in Safari. This vulnerability stems from the “AutoFill web forms” function, which is enabled by default in the browser’s preferences.

Ordinarily, this feature saves users time by auto-completing forms using data from the Address Book. Grossman reports that a malicious website could theoretically pull data from a user’s Address Book card, capture it, and invisibly send it to an attacker. The privacy breach would happen without the user’s knowledge and would not require the user to enter any text or follow any links. By merely visiting a malicious page, users could put their privacy at risk.

This AutoFill exploit can capture the user’s name, city, state, country, company, and email address. However, it cannot be used to capture numeric data such as phone numbers or street addresses. Regardless of the information at risk, any unsolicited attempt to obtain a user’s private information is something to be wary of.

Grossman has posted a safe proof-of-concept website here that indicates whether or not you are at risk. Thankfully, the temporary fix is an easy one: go to Safari > Preferences > AutoFill and uncheck the box labeled “Using info from my Address Book card.” Grossman has submitted this vulnerability to Apple, and hopefully a fix will be provided in the next Security Update or the next revision of Safari.
