Slashdot Mirror


Safari Privacy Bug May Be Leaking Your Data

richi writes "If you use Safari, your browser may be leaking your private information to any website you visit. Jeremiah Grossman, the CTO of WhiteHat Security, has discovered some Very Bad News. I have some analysis and other reactions over at my Computerworld blog. The potential for spam and phishing is huge. A determined attacker might even be able to steal previously-entered customer data." In short, autofill for Web forms is enabled by default in Safari 4 / 5 (and remotely exploitable), and the data that this feature has access to includes the user's local address book — even if the information has never been entered into a Web form.

2 of 152 comments

  1. Re:"If you use Safari, by Lars T. · Score: 3, Informative

    Yeah, because no one has an iPhone or iPad.

    Naccio said...

    @ Jeremiah Grossman: Does it work with iPad, iPhone or iPod browser?

    July 22, 2010 11:56 AM

    Jeremiah Grossman said...

    @naccio: no, it does not. Mobile Safari's behavior is different.

    --

    Lars T.

    To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

  2. Re:So..'many eyes make bugs shallow'? by Smurf · Score: 3, Informative

    If any respectable open source team member had seen Javascript events being passed to the keyboard buffer, he or she would have screamed blue bloody murder and it would have become a priority one bug faster than you can say "the developer who wrote that shit has just lost code submission privileges on this project".

    Given that most Safari developers working for Apple are very respectable Open Source team members that contribute heavily to WebKit, I will have to say that your assertion is simply not true.