Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Safari Autofill Security Issue Permits Access to Personal Information
Earlier this week, The Register detailed a security vulnerability found in Apple's Safari Autofill feature that could enable malicious websites to extract users' personal information from their Address Book entries. The security researcher, Jeremiah Grossman of WhiteHat Security, followed up with a blog post yesterday detailing the exploit and offering a proof of concept webpage allowing users to see if they are vulnerable.
The vulnerability arises from Address Book's usage of simple form text fields to store the user's personal information, paired with Safari's ability to automatically grab that information through its Autofill feature to assist users with filling out web forms.
All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill'ed, it can be accessed and sent to the attacker.
For some reason, fields that begin with numbers such as phone numbers and street addresses are not subject to this vulnerability. A user's name, company affiliation, city/state/country, and email addresses can, however, typically be accessed.Still, such attacks could be easily and cheaply distributed on a mass scale using an advertising network where likely no one would ever notice because it's not exploit code designed to deliver rootkit payload. In fact, there is no guarantee this has not already taken place. What is safe to say is that this vulnerability is so brain dead simple that I assumed someone else must have publicly reported it already, but exhaustive searches and asking several colleagues turned up nothing.
Grossman reports that he submitted information on the vulnerability to Apple on June 17th, but has received nothing more than an automatic acknowledgement of his submission despite an attempted follow-up. Consequently, Grossman is making public disclosure of the vulnerability so that users can take steps to protect themselves by disabling the Autofill feature, which is turned on by default.Update: According to All Things Digital, Apple has acknowledged the issue and promised that it is working on a fix, but no timeframe for a release has been shared.
[ 88 comments ]
Amazon is reportedly readying a high-fidelity music streaming service that's set to launch by the end of the year. According to Music Business Worldwide, Amazon is in discussions with various...
Last year, we shared a list of some of the best HomeKit products you can buy, which was quite popular with MacRumors readers, so we thought we'd follow it up.
In our 2019 HomeKit video,...
Amazon is discounting the 2019 AirPods with Charging Case to $139.99, down from $159.00. Apple just refreshed the AirPods last month with an updated H1 chip and "Hey Siri" support,...
As part of its ongoing effort to rebuild Apple Maps, Apple has added detailed terrain features to the U.S. states of Arizona and New Mexico as well as the southern portion of Nevada, including the...
Tik Tok, which was pulled from the App Store in India last week to comply with a government demand to block downloads over child safety concerns, is allowed to return to the App Store, reports...
Amazon is currently discounting the latest 13-inch MacBook Pro with Touch Bar to a new all-time-low price. Specifically, this is the 2.3 GHz Quad-Core Intel Core i5 model with 8GB RAM and a 512GB...
Over four years after debuting on Android, and following a significant redesign last year, Google Fit is now available on iOS.
The fitness tracking app can track workout sessions completed...
Following a flash sale on Easter, Best Buy has returned this week with a new 4-day sale that offers discounts on the MacBook Pro with Touch Bar, iPhone X, Beats products, iPhone cases, and more. The...
