Safari exploit gives your contact info to malicious websites
In a report on security in the first half of 2010, Apple has claimed the top spot in the number of security vulnerabilities in its OS and software. According to a report from the security company Secunia, Apple is followed by Oracle and then Microsoft in the number of security flaws reported. It's worth noting that this report does not weigh the severity of these vulnerabilities, only the overall number of them.
Safari itself ranks slightly better in the number of vulnerabilities found in third-party applications, taking the number two spot right after Mozilla's Firefox. It may not come as any surprise, then, that a major Safari exploit was publicly reported yesterday by Jeremiah Grossman, the founder of WhiteHat Security.
The exploit lets malicious sites retrieve your personal data from your Address Book in both Safari 4 and 5 if you have enabled the option to allow Safari to AutoFill web forms with your Address Book info. The exploit does not even require the user to see the forms; it can all happen automatically, without you having any idea that you just gave the site your name, company, city, state, country, email and other form data you may have added to your Address Book entry.
It's important to note that this vulnerability does apply to Safari for Windows as well, but it will only grab the personal information you've explicitly typed into Safari directly.
Jeremiah also mentions that he did report this vulnerability privately to Apple on June 17th.
[Hat tip Techmeme & Ars Technica]