Safari Autofill Can Expose Personal Info

Kara Reeder

According to Computerworld, Safari's AutoFill feature, which is supposed to make it easier to fill out forms, could be abused by hackers to harvest personal information. reports that the feature can be exploited in Safari 4.0 and Safari 5.0 versions.

When the user keeps the AutoFill info from address book card feature on and visits a maliciously crafted website, the browser automatically populates the web page's form fields with the user's information.

In a blog post, WhiteHat Security founder and CTO Jeremiah Grossman describes how a malicious hacker could take advantage of Safari's AutoFill feature. Says Grossman:

Such attacks could be easily and cheaply distributed on a mass scale using an advertising network where likely no one would ever notice because it's not exploit code designed to deliver rootkit payload.

But as notes, there is an easy way to defend against such attacks: Simply disable the "Using info from my Address Book" option in the AutoFill preferences pane.
