Safari autofill exploit can reveal user data


Recommended Posts

Safari autofill exploit can reveal user data

by Seth Rosenblatt

The autofill option in Apple's Safari browser can expose personal data without the user's consent, a security researcher reported on Wednesday. It remains unclear as to whether the problem affects Safari specifically or all WebKit-based browsers, which include Google Chrome. It's recommended that Safari and Chrome users disable the autofill feature immediately, until further notice.

A malicious Web site would only have to create dynamic form text fields with appropriate names, such as "address" or "credit card," and simulate A-Z keystrokes using Javascript, and then the data would be filled in automatically, Grossman said in the blog post. This would work, he said, even if the text fields were hidden from the visitor's view. He also added that he notified Apple of the security breach on June 17 in accordance with accepted "best behavior" practices for security researchers, but received only an automatic response.

More details here - http://news.cnet.com/security/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...