Computing in the real world
SEARCH FOR: IN: Advanced Search
Guest  Level 00    Register Log in

News 

[PSUs]
Friday 1st December 2006
Safari AutoFill risks user details disclosure 9:37AM, Friday 1st December 2006
A security vulnerability has been discovered in Safari's AutoFill feature that could be exploited to steal usernames and passwords.

The vulnerability is caused by to the AutoFill feature not properly checking the URL before automatically filling saved user credentials into forms. This may be exploited in a phishing attack to steal user credentials via malicious forms in the same domain. For more information see Secunia Advisory 23066.

Successful exploitation requires that the "User names and passwords" option is enabled in the AutoFill preferences. Should you wish to leave this enabled, a Saft Lite plugin update purports to fix the flaw, though the developer has yet to provide any information on how this is accomplished. Alternatively avoid visiting untrusted websites and responding to spam.

The same flaw has also been reported in Firefox.
Simon Aughton

Submit to: Digg  |  Slashdot  |  Del.icio.us  |  Technorati

Related News


Sponsored Links
Safari
All Exclusive Safari Secrets Revealed Right here. Grab your Safari Bargain Today!
Back to top
Safari Offers
Safari
All Exclusive Safari Secrets Revealed Right here. Grab your Safari Bargain Today!
got-bargains.co.uk
Compare Broadband
Broadband?
Compare 50+ packages
Enter your postcode below:
Powered by:
Top 10 Broadband
Bookstore Top 5
› See more News
› See more Hot topics

Columns

Prolog:

There are lots of ways to save money, says Tim Danton, but it's the little things that count. › See full Opinion
› See more Columns
›  See more Research Papers