Gaping Safari Security Hole

By  |  Thursday, July 22, 2010 at 12:27 pm

Okay, this is the most disturbing Apple security weakness I’ve heard about to date: a fairly straightforward Safari exploit that would let a hacker silently swipe information from your address book. Embarrassing, too: The guy who discovered it says he alerted Apple last month, and got only an automated reply.



3 Comments For This Post

  1. John Baxter Says:

    Paranoia goes a long way: I always turn off AutoFill and similar abilities in web browsers.

  2. Hamranhansenhansen Says:

    The automated reply was "we're aware of this bug and are working on it and will have a fix soon." Not sure what is embarrassing about that.

    It only applies to Safari on the Mac. It's unlikely to be long-lived because the Mac so easily patches itself, so it's unlikely to be broadly exploited.

  3. Poondog Says:

    @Hamranhansenhansen That doesn't mean that they actually did look at it. You must send all of your error reports too.