Safari susceptible to AutoFill security bug (again)
You may keep in mind that Apple’s Safari browser got hit with a nasty security bug involving its text AutoFill feature at the end of This summer. Apple squashed this bug using the Safari 5..1 update, but based on the investigator who discovered the AutoFill flaw to begin with, the bug has returned.
Based on Jeremiah Grossman, the founding father of WhiteHat Security, this flaw is really a slight variation around the original AutoFill flaw that permitted malicious Websites to reap your individual information-just like your name, address, workplace, and e-mail address-without you knowing, even when you’ve never visited the website before.
The brand new form of this hack is less “automatic” compared to initial one, based on Grossman, however a hacker just needs to carry out a little social engineering to obtain a new Web user to stop their personal information.
As before, Grossman shows that, if you are using Safari, you need to disable form auto-fill to prevent getting taken with this bug. To do this, select Preferences underneath the Safari menu, and click on AutoFill present in the toolbar uncheck the 3 boxes.
It’s yet another indication that you simply can’t trust anybody-or anything-online. If you wish to find out more about the technical nitty-gritty, see Grossman’s blog publish around the subject.