You might remember that Apple’s Safari browser got hit by a nasty security bug involving its text AutoFill feature in late July. Apple squashed this bug with the Safari 5.0.1 update, but according to the researcher who discovered the AutoFill flaw in the first place, the bug is back.
According to Jeremiah Grossman, the founder of WhiteHat Security, this flaw is a slight variation on the original AutoFill flaw, which allowed malicious websites to harvest your personal information – such as your name, address, workplace, and email address – without your knowledge, even if you had never visited the site before.
The new version of this hack is less “automatic” than the initial one, according to Grossman, but a hacker just needs to perform a little social engineering to get a hapless web user to give up their personal details.
As before, Grossman suggests that, if you use Safari, you should disable form AutoFill to avoid getting taken by this bug. To do so, select Preferences under the Safari menu, click AutoFill in the toolbar, and uncheck all three boxes.
It’s just another reminder that you can’t trust anyone – or anything – online. If you want to learn more about the technical nitty-gritty, see Grossman’s blog post on the topic.