User Data in Danger with Safari Autofill Option

By Jim Roberts | News

While it may be nothing new, the exploits of the Safari browser does put user data in open fire for malicious websites to attack. In 2009, Swiss security researcher Patrice Neff reported her findings after witnessing that Safari browser submits personal information without consent of the user.

Such exploit is closely similar to the new reports that dangerous websites are enabled by Safari to access the autofill information. Even more menacing is that even if the user has never visited the websites, autofill would blatantly enter the user’s data.

Safari’s Autofill Option

This recent report which came from WhiteHat Security chief technical incharge, Jeremiah Grossman, who made strong statements that the autofill affects both Safari versions 4 and 5. While no conclusions were made if the attacks are solely on Safari or Google Chrome and all other webkit based browsers, Grossman sent notes of alarm to users so they could immediately stop using the autofill feature.


The exploits start when malicious websites make attractive text fields and with use of the JavaScript, copy the keystrokes entered by the users. Thus, personal information as sensitive as credit card and contact details will be harvested by autofill. This upsetting breach, indeed, calls for more stringent security controls, and makes the autofill tool a top candidate for disabled technologies.

Apple’s take on the Autofill issue

Apple did issue a response to the reported flaw, but it’s somehow vague and wanting specifics. They just reiterated their awareness of the issue and assured users they’re currently in the works to ensure the security of their data. An Apple spokesperson also repeated the company’s commitment to protecting the privacy and giving utmost security to their users.

For Google’s part, they did make a statement that Chrome is not susceptible to the autofill dangers because the browser has rigid user confirmations that even JavaScript won’t be able to replicate. Still, it’s an open-ended assurance, and users must still be watchful.

In the meantime, users must protect themselves while Apple finds ways to amend this security mishap. They’re being called to disable the Safari autofill option by going to Preferences, AutoFill and the AutoFill Web forms. Chrome users must go to the “wrench” menu and click on options, then choose Personal Stuff and find the AutoFill Button. While the mobile Safari on both iOs and Android browsers, user should be careful so that their personal information don’t get compromised.

Update: Issue has been fixed in the latest update. Thanks, Sajin Seetthi.

About the Author

Holding a dual degree in both Management and IT with 13 years of business experience, I am Jim F. Roberts from California, USA. Needless to say, I am a techy guy and I love exploring, checking out the latest gadgets and sharing my thoughts on a lot of things.

Leave a Comment:

(1) comment

Techpinoy August 1, 2010

Thank u for the heads up Jim. Now we know what to use and not to use, keep it up, we love this syt,. I had my friends use safari before but this rvelation is really disturbing. Thank u for the information

Add Your Reply

Leave a Comment: