Safari 5.0.1 and 4.1.1 Address AutoFill Security Flaw
As noted in the
security documentation accompanying today's release,
Safari 5.0.1 and 4.1.1 address an
AutoFill security flaw disclosed last week that could allow a malicious site to obtain a user's Address Book information, including name, company affiliation, city/state/country, and email address.
Impact: Safari's AutoFill feature may disclose information to websites without user interaction
Description: Safari's AutoFill feature can automatically fill out web forms using designated information in your Mac OS X Address Book, Outlook, or Windows Address Book. By design, user action is required for AutoFill to operate within a web form. An implementation issue exists that allows a maliciously crafted website to trigger AutoFill without user interaction. This can result in the disclosure of information contained within the user's Address Book Card. To trigger the issue, the following two situations are required. First, in Safari Preferences, under AutoFill, the "Autofill web forms using info from my Address Book card" checkbox must be selected. Second, the user's Address Book must have a Card designated as "My Card". Only the information in that specific card is accessed via AutoFill. This issue is addressed by prohibiting AutoFill from using information without user action. Devices running iOS are not affected. Credit to Jeremiah Grossman of WhiteHat Security for reporting this issue.
Grossman reported the issue to Apple on June 17th, but went public with his disclosure last week in order to alert customers after failing to receive significant response from Apple. After Grossman's public disclosure, Apple acknowledged the issue and promised that it was working on a fix.
Popular Stories
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup.
If you skipped the iPhone...
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself.
Here's the case for Apple releasing a truly all-screen iPhone with no...
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices.
Subscribe to the MacRumors YouTube channel for more videos.
Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025:
Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and ...
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed.
Apple released iOS 18.4.1 today, and the update's release notes say it "addresses a rare issue that prevents wireless CarPlay connection in certain vehicles."
If wireless CarPlay was acting up for you, updating your iPhone to iOS 18.4.1 should...
This week saw rumor updates on the iPhone 17 Pro and next-generation Vision Pro, while a minor iOS 18.4.1 update delivered not just security fixes but also a fix for some CarPlay issues.
We also looked ahead at what else is in Apple's pipeline for the rest of 2025 and even the 20th-anniversary iPhone coming in 2027, so read on below for all the details on these stories and more!
iPhone 17 ...
Apple seeded the third beta of iOS 18.5 to developers today, and so far the software update includes only a few minor changes.
The changes are in the Mail and Settings apps.
In the Mail app, you can now easily turn off contact photos directly within the app, by tapping on the circle with three dots in the top-right corner.
In the Settings app, AppleCare+ coverage information is more...
