"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
AirPods and AirPower: Everything We Know
Safari Autofill Security Issue Permits Access to Personal Information
Earlier this week, The Register detailed a security vulnerability found in Apple's Safari Autofill feature that could enable malicious websites to extract users' personal information from their Address Book entries. The security researcher, Jeremiah Grossman of WhiteHat Security, followed up with a blog post yesterday detailing the exploit and offering a proof of concept webpage allowing users to see if they are vulnerable.
The vulnerability arises from Address Book's usage of simple form text fields to store the user's personal information, paired with Safari's ability to automatically grab that information through its Autofill feature to assist users with filling out web forms.
All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill'ed, it can be accessed and sent to the attacker.
For some reason, fields that begin with numbers such as phone numbers and street addresses are not subject to this vulnerability. A user's name, company affiliation, city/state/country, and email addresses can, however, typically be accessed.Still, such attacks could be easily and cheaply distributed on a mass scale using an advertising network where likely no one would ever notice because it's not exploit code designed to deliver rootkit payload. In fact, there is no guarantee this has not already taken place. What is safe to say is that this vulnerability is so brain dead simple that I assumed someone else must have publicly reported it already, but exhaustive searches and asking several colleagues turned up nothing.
Grossman reports that he submitted information on the vulnerability to Apple on June 17th, but has received nothing more than an automatic acknowledgement of his submission despite an attempted follow-up. Consequently, Grossman is making public disclosure of the vulnerability so that users can take steps to protect themselves by disabling the Autofill feature, which is turned on by default.Update: According to All Things Digital, Apple has acknowledged the issue and promised that it is working on a fix, but no timeframe for a release has been shared.
[ 88 comments ]
For this week's giveaway, we've teamed up with Astropad to offer MacRumors readers a chance to win a Luna Display adapter. The Luna Display is a handy little dongle that's designed to...
In late November, Apple launched a limited time promotion that offers up to $100 in additional credit when trading in an iPhone 6 through iPhone 8 towards the purchase of a new iPhone XS or...
Apple today filed its 2018 Conflict Minerals Report with the SEC as part of its commitment to supplier responsibility.
Apple said it remains "deeply committed" to upholding human...
Apple's Beats by Dre brand today unveiled a new NBA collection, with Beats Studio 3 Wireless Headphones available in six colorways representing the Golden State Warriors, Los Angeles Lakers,...
Twitter CEO Jack Dorsey today commented on the possibility of an edit button for tweets, suggesting Twitter is considering a feature that might let people go back and add clarifications or...
In the wake of Apple's decision to end its AirPort line of routers, many users continue to hunt for the best possible Wi-Fi networking solution. Ubiquiti Networks' AmpliFi routers have been...
Today is Valentine's Day, and as it happens on holidays, many online retailers are using the event to share Valentine-themed discounts and offers to their customers. In this post we've...
First released in 2016, Apple's AirPods are widely considered to be one of the company's best products in recent years, with AirPods offering great battery life, portability, simple charging,...
