Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: New Safari vulnerability in autofill feature, could steal your data  (Read 1015 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


A Safari vulnerability released today could easily steal your address book contacts through the autofill feature.

Blogger Jeremiah Grossman notified Apple privately one month ago, about a vulnerability in Safari's autofill feature that can steal your contacts names, where they work, live and even their email address.

The JavaScript powered code scans through your autofill information and takes your available information without any user interaction or prompts. Grossman posted a proof-of-concept code website that scans through your name, company, city, state, country and email, displaying all the information for you.

Although the code might seem harmless, the possibilities of the code could be hidden on a website, through an advertisement on another website, or through another means, stealing your information without you even knowing it. There is one flaw in the code however, it can't scan through numbers, meaning your phone number is safe.

Users should note that this only works on Safari 4.x and 5.0 and uses information taken from your Address Book located on your Mac, something users are required to fill out when they boot their machine for the first time. The code has some problems taking information from Safari's autofill feature running on Windows, but can still manage to obtain some of your information.

The good news? The vulnerability is easily blocked, simply by disabling Autofill under Preferences. Users should disable this autofill feature until Apple properly addresses and fixes the problem.

(NW)

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising