Simon Willison’s Weblog

Items tagged apple, security, safari

Filters: apple × security × safari ×


Jeremiah Grossman: I know who your name, where you work, and live. Appalling unfixed vulnerability in Safari 4 and 5 —if you have the “AutoFill web forms using info from my Address Book card” feature enabled (it’s on by default) malicious JavaScript on any site can steal your name, company, state and e-mail address—and would be able to get your phone number too if there wasn’t a bug involving strings that start with a number. The temporary fix is to disable that preference. # 22nd July 2010, 8:44 am

Safari Beta 3.0.1 for Windows. A nice fast turnaround on fixes for security flaws in the beta. # 14th June 2007, 9:56 am

Safari for Windows, 0day exploit in 2 hours (via) Once again, down to handling of alternative URL protocol schemes. # 12th June 2007, 1:30 pm