0day: Apple Safari AutoFill
Jeremiah Grossman has discovered a weakness in Apple Safari, which can be exploited by malicious people to disclose potentially sensitive information.
The weakness is caused by the AutoFill feature being enabled by default to use information from the personal address book card. This can be exploited to secretly disclose personal information from the personal address book card when a user visits a specially crafted web page.
The weakness is confirmed in Safari version 5.0. Other versions may also be affected.
Impact: Exposure of sensitive information
Reference: Secunia Advisory SA40664
Disable the AutoFill feature for address book card information.
How? Open Safari preferences (press Command-comma, ⌘,) and uncheck the AutoFill web forms option.
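The same mitigation can be checked and applied from a terminal, which helps when auditing several accounts or machines. This is an added example, not part of the original post or the Secunia advisory; it assumes the setting is stored in the `com.apple.Safari` preferences domain under the key `AutoFillFromAddressBook`, so confirm that with `defaults read com.apple.Safari` before relying on it.

```shell
#!/bin/sh
# Added example: audit and disable Safari's Address Book AutoFill.
# Assumption: the preference is stored in the com.apple.Safari domain
# under the key AutoFillFromAddressBook (verify on the target system).

SAFARI_DOMAIN="com.apple.Safari"
AUTOFILL_KEY="AutoFillFromAddressBook"

# Print "enabled", "disabled" or "unset" for the Address Book AutoFill setting.
# "unset" means the key is absent, so Safari uses its built-in default, which
# the advisory describes as enabled. Treat "unset" as exposed.
autofill_state() {
    value=$(defaults read "$SAFARI_DOMAIN" "$AUTOFILL_KEY" 2>/dev/null) || {
        echo "unset"
        return 0
    }
    case "$value" in
        1|YES|true)  echo "enabled" ;;
        0|NO|false)  echo "disabled" ;;
        *)           echo "unset" ;;
    esac
}

# Write the key explicitly unless it is already off.
# Returns 0 only when a re-read confirms the final state is "disabled".
disable_autofill() {
    if [ "$(autofill_state)" != "disabled" ]; then
        defaults write "$SAFARI_DOMAIN" "$AUTOFILL_KEY" -bool false || return 1
    fi
    [ "$(autofill_state)" = "disabled" ]
}

# Act only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    echo "before: $(autofill_state)"
    disable_autofill && echo "after:  $(autofill_state)"
fi
```

Quit Safari before running the script with `--apply`, since a running Safari may write its own preferences back when it exits.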
Personal information exposed? It depends on the data; here’s my browser result.