Critical Safari Vulnerability Discovered

By | July 23, 2010 | 3 Comments


There appears to be a major security hole in the Safari 4 and 5 web browsers. A simple piece of JavaScript code can scan autofill data and easily steal your contacts’ names (first and last), workplace, city, state and even email addresses.

The good news:

1. It’s not possible to scan numbers; therefore, phone numbers and street addresses will not be obtained.
2. This trick does not work on Windows machines (not confirmed).
3. The vulnerability was reported to Apple more than a month ago.
4. You can prevent this from happening.

How?

Go to Preferences > AutoFill > AutoFill web forms and uncheck “Using info from my Address Book card”.

The bad news:

1. Apple did not respond to the report (Jeremiah Grossman, the guy who contacted the company, has received only an auto-reply).

Here is a video demo



About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and the departed Westwood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

  • fff

    I am sure Apple will just say something along the lines of: you are using it wrong

    • GM

      No! Maybe “Do it our Way” is the right response! LMAO.

  • Tiago Sá

    Lol, indeed. It’s well known that Apple products are very unsafe and vulnerable, so this should come as no surprise.