Switched has a new home! Huffpost Tech.

Click here to visit the new home of Switched!

Hot on HuffPost Tech:

See More Stories
AOL Tech

Apple Confirms Safari Auto-fill Flaw that Reveals Personal Information

by Amar Toor on July 23, 2010 at 12:40 PM

Safari Browser and AutofillIf you're using Apple's Safari browser, your personal information may be at risk. According to security researcher Jeremiah Grossman, Safari users could be unknowingly revealing personal data to third party sites, thanks to a flaw in the browser's security framework. As the New York Times reports, the bug exploits Safari's auto-fill function, and can allow sites to access a user's name, address, e-mail, phone number or any other personal information that Mac users store in their address books. "We take security and privacy very seriously," Apple said in a statement. "We are aware of the issue and working on a fix."

Grossman, who works at WhiteHat Security, actually first notified Apple of the flaw back in June. Upon sending an alert e-mail, though, he received only an automated response, and never heard any more from them. So, he decided to go public with it, and published his findings on his personal blog. The most dangerous part of the flaw, according to Grossman, is the ease with which any site could exploit it. "It is very easy to do," he said, in an interview. "We can only assume that other people have used it."

Fortunately, Grossman claims that the bug doesn't appear to affect Safari browsers on the iPhone or iPad. With an estimated 83 million people using Apple's browser, though, news of a security flaw will undoubtedly raise concerns among consumers. For now, some sites are recommending that Safari users simply disable their auto-fill capabilities, just to be safe. [From: New York Times]

Tags: Apple, AppleSafari, AutoFill, browser, bug, PersonalInformation, privacy, safari, safari autofill, SafariAutofill, security, top, web, webbrowser

Comments

1

HuffPost AOL Social News Most Popular