While it may be nothing new, the exploits of the Safari browser does put user data in open fire for malicious websites to attack. In 2009, Swiss security researcher Patrice Neff reported her findings after witnessing that Safari browser submits personal information without consent of the user.
Such exploit is closely similar to the new reports that dangerous websites are enabled by Safari to access the autofill information. Even more menacing is that even if the user has never visited the websites, autofill would blatantly enter the user’s data.
Safari’s Autofill Option
This recent report which came from WhiteHat Security chief technical incharge, Jeremiah Grossman, who made strong statements that the autofill affects both Safari versions 4 and 5. While no conclusions were made if the attacks are solely on Safari or Google Chrome and all other webkit based browsers, Grossman sent notes of alarm to users so they could immediately stop using the autofill feature.
Apple’s take on the Autofill issue
Apple did issue a response to the reported flaw, but it’s somehow vague and wanting specifics. They just reiterated their awareness of the issue and assured users they’re currently in the works to ensure the security of their data. An Apple spokesperson also repeated the company’s commitment to protecting the privacy and giving utmost security to their users.
In the meantime, users must protect themselves while Apple finds ways to amend this security mishap. They’re being called to disable the Safari autofill option by going to Preferences, AutoFill and the AutoFill Web forms. Chrome users must go to the “wrench” menu and click on options, then choose Personal Stuff and find the AutoFill Button. While the mobile Safari on both iOs and Android browsers, user should be careful so that their personal information don’t get compromised.
Update: Issue has been fixed in the latest update. Thanks, Sajin Seetthi.