Safari’s AutoFill Could Be Potentially More Dangerous Than Helpful

Jul 22, 2010

It's never a good thing when a good idea goes bad, especially one that's been part of something else for quite a while. In this case, it's Safari's AutoFill feature. What makes it worse is the very real possibility that "those in the know" have actually known about this problem for about a year now. What's the deal? Head past the break to find out.

First, AutoFill. What does it do? As the name suggests, it's a feature in your Safari Web browser that lets you get through forms more quickly. As you go from one form to another, it remembers your inputs for fields like Name, Email, Address, and even in some cases your credit card number. It may make your life easier for those 15 seconds, but in the long run it looks like it may cause more harm than anything else. Jeremiah Grossman does a great job of explaining the situation, so here's what he has to say:

"These fields are AutoFill’ed using data from the user's personal record in the local operating system address book. Again, it is important to emphasize this feature works even though a user never entered this data on any website. Also, this behavior should not be confused with normal auto-complete data a Web browser may remember after it's typed into a form."

He goes on to add, "All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is AutoFill’ed, it can be accessed and sent to the attacker."

What it boils down to, folks, is that simply unchecking a few of the options within your browser's settings won't cut it. You need to deselect all of the options listed in the AutoFill category. Note also that this feature is activated automatically, so if you haven't even noticed it, now's the time to take a look and see what your settings are. Grossman notified Apple of the situation about a month ago, but he still hasn't heard anything back. Hopefully that changes, and we get some kind of fix.

[via 9 to 5 Mac]

