Safari 5.0.1 and 4.1.1 Address AutoFill Security Flaw
As noted in the
security documentation accompanying today's release,
Safari 5.0.1 and 4.1.1 address an
AutoFill security flaw disclosed last week that could allow a malicious site to obtain a user's Address Book information, including name, company affiliation, city/state/country, and email address.
Impact: Safari's AutoFill feature may disclose information to websites without user interaction
Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari Preferences, under AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be selected. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected. Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.
Grossman reported the issue to Apple on June 17th, but went public with his disclosure last week in order to alert customers after failing to receive significant response from Apple. After Grossman's public disclosure, Apple acknowledged the issue and promised that it was working on a fix.
Popular Stories
Apple today shared an ad that shows how the upgraded Center Stage front camera on the latest iPhones improves the process of taking a group selfie.
"Watch how the new front facing camera on iPhone 17 Pro takes group selfies that automatically expand and rotate as more people come into frame," says Apple. While the ad is focused on the iPhone 17 Pro and iPhone 17 Pro Max, the regular iPhone...
Apple is planning to launch new MacBook Pro models as soon as early March, but if you can, this is one generation you should skip because there's something much better in the works.
We're waiting on 14-inch and 16-inch MacBook Pro models with M5 Pro and M5 Max chips, with few changes other than the processor upgrade. There won't be any tweaks to the design or the display, but later this...
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps.
The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future.
To set up the...
Wednesday February 11, 2026 10:07 am PST by
Juli CloverApple today released iOS 26.3 and iPadOS 26.3, the latest updates to the iOS 26 and iPadOS 26 operating systems that came out in September. The new software comes almost two months after Apple released iOS 26.2 and iPadOS 26.2.
The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.
According to Apple's release notes, ...
It has been a slow start to 2026 for Apple product launches, with only a new AirTag and a special Apple Watch band released so far. We are still waiting for MacBook Pro models with M5 Pro and M5 Max chips, the iPhone 17e, a lower-cost MacBook with an iPhone chip, long-rumored updates to the Apple TV and HomePod mini, and much more.
Apple is expected to release/update the following products...
