If you are among the more than 80 million people who use Apple’s Safari browser to surf the web, you may want to change your settings stat. A bug discovered in Safari’s AutoFill allows malicious websites to extract a user’s first name, last name, work place, city, state, and email address. They don’t even need to fill out a form to trigger the bug: It can occur simply by their loading the site and takes place in just seconds. WhiteHat Security’s Jeremiah Grossman has described it in greater detail.
Apple will presumably patch this, but in the meantime, you can take action.
If you go into your AutoFill preferences in Safari’s Preferences menu, you’ll see a box that says to AutoFill web forms by using info from your Address Book card; if it’s checked, uncheck this box and you’ll cut off malicious sites’ ability to steal your personal information.
(Jeremiah Grossman via BGR)
