Safari users - turn off your AutoFill option at once. It's probably on as this is the default setting.

9 to 5 Mac is reporting that by leaving the feature on, you are opening yourself up to a world of cyber nasties, just waiting to steal all of your details.

Jeremiah Grossman details how the security glitch happens:

"These fields are AutoFill'ed using data from the users personal record in the local operating system address book. Again it is important to emphasize this feature works even though a user never entered this data on any website.

"Also this behaviour should not be confused with normal auto-complete data a Web browser may remember after its typed into a form. All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript.

"When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker. The entire process takes mere seconds and represents a major breach in online privacy. This attack could be further leveraged in multi-stage attacks including email spam, (spear) phishing, stalking, and even blackmail if a user is de-anonymized while visiting objectionable online material".

The security flaw has been known about for a year now although it isn't yet clear why it has taken so long for knowledge to reach the public domain.

But you know now, so get it turned off.

Sections Apps