Safari browser vulnerable to auto hack attack2010-07-22 16:50 by DanielaTags: Safari, hackers
WhiteHat has disclosed a critical security vulnerability in Apple's Safari browser that could allow hackers to extract personal information from the OS X address book. "Right at the moment a Safari user visits a malicious website, even if they've never been there before or entered any personal information, [it] can uncover their first name, last name, work place, city, state and email address," WhiteHat CTO Jeremiah Grossman wrote in an official blog post. "Safari v4 & v5, with a combined market browser share of 4% (~83 million users), has a feature (Preferences > AutoFill > AutoFill web forms) enabled by default. Essentially we are hacking auto-complete functionality." According to Grossman, malicious websites would likely operate by surreptitiously extracting Address Book card data and dynamically creating form text fields with matching names. Read more -here-
Post your review/comments
rate:
avg:
|