First it was the AT&T debacle with the iPad and now it’s Safari; Apple can’t seem to catch a break (and we’re not even going to bring up the iPhone 4G). At least with the AT&T issue it was more of a leak from the networks side, with this new one it is all about Apple.
The issue is serious and involves the leakage of personal data without the consent of the user. Autofill is a feature that most people use while browsing and it is this very feature which is/has/could be exploited by hackers. The exploit can hit Safari 5 and the older Safari 4 making it a very real and current threat. This information was revealed by the chief technical officer of WhiteHat Security, Jeremiah Grossman. He said that simply visiting a malicious website would be enough for a user’s data to be plundered.
Grossman said that a website can create a form that has all the fields like a normal legitimate form, hide it from view and simply simulate some keystrokes using java to get all the information out. More often than not, the user would be unaware that his personal data was being stolen. Grossman also said that he had mailed Apple and informed them about the breach. Unfortunately, he has only received an auto responder mail and nothing else so far.
Safari is not alone in facing this threat and there are suspicions that Google Chrome could also be vulnerable to these attacks as both browsers are WebKit-based. So far the only solution users can apply for both browsers is disabling of the Autofill feature until a fix is released.