Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, discovered a security threat built into Apple’s web browser Safari. With nearly 4.9% of people browsing the web using Safari, this threat may have compromised the web privacy of quite a few people.
Built into Apple’s Safari web browser is a convenient AutoFill feature. This feature allows Safari to remember your usernames, passwords, and personal information. AutoFill is a feature that is found on nearly all web browsers in use today. However, as Grossman points out, not all AutoFill features are created equal. Safari has an alarming AutoFill-related security flaw that all Safari users need to be aware of.
When a Safari user visits a website, that user’s personal information can be discovered, even if they have never visited that website or entered any personal information before. A malicious website could gain access to the user’s first and last name, workplace, city, state, and email address. This is due to a preference setting in Safari’s AutoFill feature that is activated by default: “AutoFill web forms: Using info from my Address Book Card”.
Safari users need not worry or search for a new browser because of this security threat. All users need to do to protect themselves is change a simple setting in Safari’s preferences. Here’s how:
- Open Safari
- Select Safari from the menu bar at the top of the screen
- Select Preferences
- Select the AutoFill tab
- Uncheck “Using info from my Address Book card”
That’s it. Note that this security threat affects only Safari versions 4 and 5. To find out what version you have, select Safari > About Safari in the menu bar.