Monday, September 27, 2010

New Safari autocomplete bug exposes your personal info

New Safari autocomplete bug exposes your personal info

Filed under: Security, Apple, Browsers

We've covered security holes in Safari's AutoFill function before, but now there's a new one on the loose -- and Apple has thus far left it unpatched.

AutoFill is the feature that quickly fills out forms for you using information you've previously entered. It can store everything from your name and address to your credit card and Social Security numbers. Now, one security expert has figured out a way to get that information by tricking you into hitting two keys: "U" and tab.

See, when you start to autofill just one field on a page -- say, filling in your country as "United States" by hitting "U" -- you can hit tab to move to the next field and fill that in, too, and so on down the page. You wouldn't be stupid enough to fill in all your information on a form from a site you didn't trust, but security guru Jeremiah Grossman is willing to bet some of you wouldn't think twice about playing a game that uses U and tab as part of its controls.

All someone would have to do to exploit this bug is hide an invisible web form on the game page, and let you do the rest. Scary, right?

Grossman recommends turning off AutoFill altogether in your Safari preferences until Apple plugs the security holes in the feature.

[via Forbes]

New Safari autocomplete bug exposes your personal info originally appeared on Download Squad on Fri, 24 Sep 2010 16:00:00 EST. Please see our terms for use of feeds.

Read�|�Permalink�|�Email this�|�Comments


Marisa Miller
Cat Power
Moon Bloodgood

No comments:

Post a Comment