Business IT - Technology for your business

No. 1 Story

Court victory about copyright not content rights, says Optus

Optus has moved to play down the implications of the copyright ruling on its 'TV Now' service for lucrative deals covering exclusive rights to deliver popular free-to-air content to mobile devices

 read more
StumbleUponSubmit to redditShare this on TwitterShare on facebook | Print |PDF 

More From

Apple fixes Safari AutoFill security flaw - and more

Stephen Withers
Thursday, 29 July 2010 12:47

Business IT - Security

Page 1 of 2

Apple has moved with uncharacteristic speed to patch a security flaw that exposed certain personal information to attackers. 14 other flaws have been fixed as well.


Microsoft Office 365 Get your free Trial

Related Articles

Last week, Jeremiah Grossman, chief security officer of WhiteHat Security, released a proof of concept showing how AutoFill can be misused to grab the name, work place, city, state, and email address of a visitor to a web page. No user action is required beyond navigating to the malicious page.

Grossman reported the issue to Apple a little over a month before going public, but said he could get no response from the company other than an automated reply to his original notification.

In addition to delivering extensions, Safari 5.0.1 fixes the problem by prohibiting AutoFill from using information without user action. According to Apple, the change affects both the Mac OS X and Windows versions of Safari.

Both versions also include changes to the handling of RSS feeds to block a cross-site scripting attack.

Multiple security-related changes have been made to the WebKit framework that underpins Safari. The 13 vulnerabilities are all said to potentially allow the execution of arbitrary code.

Page 2 - what's affected in WebKit, and what about those stuck on Safari 4?



Start 1 2 Next 

Sponsored Announcements

Mobile Mentor launches end-to-end Bring-Your-Own-Mobile solution

Dieneke Koster | Until recently, having employees using their personal smartphones or tablets for work could have landed CIOs in hot water, but with what is bel…

You may have missed


Advertisement

- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases