Simon Willison’s Weblog

Items tagged apple, security

Filters: apple × security ×

Jeremiah Grossman: I know who your name, where you work, and live. Appalling unfixed vulnerability in Safari 4 and 5 —if you have the “AutoFill web forms using info from my Address Book card” feature enabled (it’s on by default) malicious JavaScript on any site can steal your name, company, state and e-mail address—and would be able to get your phone number too if there wasn’t a bug involving strings that start with a number. The temporary fix is to disable that preference. # 22nd July 2010, 8:44 am

Critical Mac OS X Java Vulnerabilities. There’s a five month old Java arbitrary code execution vulnerability which hasn’t yet been patched by Apple. Disable Java applets in your browser until it’s fixed, or random web pages could execute commands on your machine as your user account. # 19th May 2009, 7:07 pm

Apple just gave out my Apple ID password because someone asked. “am forget my password of mac,did you give me password on new email marko.[redacted]”. Classy. # 8th July 2008, 10:10 am

Safari Beta 3.0.1 for Windows. A nice fast turnaround on fixes for security flaws in the beta. # 14th June 2007, 9:56 am

Safari for Windows, 0day exploit in 2 hours (via) Once again, down to handling of alternative URL protocol schemes. # 12th June 2007, 1:30 pm

Daring Fireball: Security Cannot Be Spun. Apple’s communication handling of the recent security problem was atrocious. # 31st May 2004, 4 am