Slashdot Mirror

← Back to Stories (view on slashdot.org)

Safari Privacy Bug May Be Leaking Your Data

Posted by timothy on from the problem-with-software-is-that-it-sucks dept.

richi writes "If you use Safari, your browser may be leaking your private information to any website you visit. Jeremiah Grossman, the CTO of WhiteHat Security, has discovered some Very Bad News. I have some analysis and other reactions over at my Computerworld blog. The potential for spam and phishing is huge. A determined attacker might even be able to steal previously-entered customer data." In short, autofill for Web forms is enabled by default in Safari 4 / 5 (and remotely exploitable), and the data that this feature has access to includes the user's local address book — even if the information has never been entered into a Web form.

2 of 152 comments (clear)

  1. Update: Statement from Steve Jobs... by pandrijeczko · · Score: 1, Redundant

    ... you are holding your Safari browsers the wrong way.

    --
    Gentoo Linux - another day, another USE flag.
  2. Overblown? by nilbog · · Score: 1, Redundant

    The only time the data is given to the browser is when you've already started typing it. Iirc you have to enter one field and then tab to the next. So if you're giving this data anyway it's not really a vulnerability. The only potential victims are people who start entering data and then decide not to. Worth paying attention to, but not exactly a huge problem.

    --
    or else!