Simon Willison’s Weblog


Thursday, 22nd July 2010

Jeremiah Grossman: I know who your name, where you work, and live. Appalling unfixed vulnerability in Safari 4 and 5: if you have the “AutoFill web forms using info from my Address Book card” feature enabled (it’s on by default), malicious JavaScript on any site can steal your name, company, state and e-mail address, and would be able to get your phone number too if there weren’t a bug involving strings that start with a number. The temporary fix is to disable that preference.

# 8:44 am / apple, autocomplete, browsers, exploit, safari, security, vulnerability, recovered
