Jeremiah Grossman has uncovered a fatal privacy flaw in Apple’s Safari Web Browser v4 and v5 which allows a malicious web site to surreptitiously extract data automatically filled by way of the “AutoFill” functionality.
All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker.
There is currently no fix available for this vulnerability. Until Apple does release a security update addressing this exploit, immediately turn off the AutoFill feature in Safari. Either that or modify your Address Book Card to something with innocuous data.
On a side note, according to Grossman he informed Apple over a month ago about the exploit but has yet to receive a response. No surprise there – Apple is renowned for not responding to such submissions. This is not to say they will not provide a response, but rather that they prefer to keep the issue on the down-low, which is really how Apple rolls when it comes to flaws with their products.
The final days leading up to the WWDC saw a number of sites post rumors about a possible Safari update. Unfortunately Steve Jobs managed to walk away from the stage without ever mentioning this potential update. It appears that Apple did in fact release an update to Safari upon the conclusion of the keynote.
Apple on Monday released Safari 5, the latest version of its desktop Web browser, with a 30 percent performance increase, the addition of Bing search and secure sandboxed extensions, as well as support for more than a dozen new HTML5 technologies.
The most exciting new feature of Safari 5 is the ability to develop extensions, much like what Firefox and Chrome currently offer. This should allow for endless possibilities of expanded support within Safari – such as a native del.icio.us bookmarks extension and much more.
Check out the full list of what is new in Safari 5. This update appears to be one that cannot be overlooked.
Tabs, bookmarks, search forms, these are all features that we take for granted when it comes to browsing the web using our favourite web browser. We expect it to work, to be fast, and most important, it shouldn’t bother us with stupid behaviour or messages.
Every major web browser supports tabbed browsing these days; it makes it easier to manage the websites you are visiting. Mozilla Firefox, Opera, Safari, even Internet Explorer support tabs. Seeing that the concept of using tabs has been around for a while, you’d think it would be trouble free. Too bad you’re wrong. In this case there’s a problem with Apple’s Safari, a problem that could’ve been solved a long time ago, as Safari has been supporting tabs since April 2003.
Read the full story …
Are you a Mac OS X user dying to get your dirty little hands on a working copy of Google Chrome for Mac because of all the hype surrounding the Windows version of the browser? No need to wait any longer as nightly test builds of Chromium are available to anyone interested in test driving the early developmental releases of the browser. The TechMiso Soup Chefs took Chromium for a spin and here’s what we found about this highly anticipated project.
Read the full story …
If you do not live under a rock then surely you know that earlier this week Apple surprised the world and released an early beta of Safari 4, packing a major interface change, speed enhancements and a few other nifty features. Rather than report on the actual release of the browser itself, I thought it would be more beneficial to use Safari 4 for a couple of days and write up my thoughts on such usage. So without further ado, here is what the miso soup lovers found over the course of the past few days.
Read the full story …