Autofill Bug In Safari Exposes Personal Information
Monday, September 27, 2010 at 6:44PMApple has left an autofill bug in Safari unpatched that could potentially expose personal information you would never intend for anyone else to see.
Apples Autofill feature allows you to quickly fill out forms that you have previously entered, including credit card information and social security numbers.
A security expert has figured out a way of getting that information by tricking you to hit two keys: the "U" key and the "tab" keys. In theory you could place a hidden form behind a game on a web page that utilizes these keys and tricks you into filling out the form, and stealing your information.
Jeremiah Grossman discovered the bug and you can see a video of the flaw being demonstrated on his site under his entry: The Safari AutoFill Hack Lives!
Reader Comments (5)
Nice information, many thanks to the author. It is incomprehensible to me now, but in general, the usefulness and significance is overwhelming. Thanks again and good luck!
Thanks for the informative post and for actually replying to your readers’ comments. That’s something I don’t see very many blog owners doing and that makes me frustrated. Keep up the good work and I’ll continue coming back here to learn more....
Thank you Ian. I try to interact with all my readers, especially the ones that take the time to leave a comment or two. It makes a great place to open a dialog with your readers, I think more people should do it.
Nice information very nicely said and niche content thans for sharing this...
This is one of several problem apple has thanks for making us aware of this flaw; i think people should not use those unprotected softwares.