Computing in the real world
SEARCH FOR: IN: Advanced Search
Guest  Level 00    Register Log in

News 

[Security]
Friday 1st December 2006
Safari AutoFill risks user details disclosure 9:37AM, Friday 1st December 2006
A security vulnerability has been discovered in Safari's AutoFill feature that could be exploited to steal usernames and passwords.

The vulnerability is caused by to the AutoFill feature not properly checking the URL before automatically filling saved user credentials into forms. This may be exploited in a phishing attack to steal user credentials via malicious forms in the same domain. For more information see Secunia Advisory 23066.

Successful exploitation requires that the "User names and passwords" option is enabled in the AutoFill preferences. Should you wish to leave this enabled, a Saft Lite plugin update purports to fix the flaw, though the developer has yet to provide any information on how this is accomplished. Alternatively avoid visiting untrusted websites and responding to spam.

The same flaw has also been reported in Firefox.
Simon Aughton

Submit to: Digg  |  Slashdot  |  Del.icio.us  |  Technorati

Related News


Back to top
Compare Broadband
Broadband?
Compare 50+ packages
Enter your postcode below:
Powered by:
Top 10 Broadband
Bookstore Top 5
› See more News
› See more Hot topics
›  See more Research Papers