July 28, 2010

Safari update fixes auto-fill flaw ahead of Black Hat talk

Apple on Wednesday issued updates for its Safari 4 and 5 web browser to fix 15 vulnerabilities, some of which could lead to arbitrary code execution or information disclosure. Safari 5.0.1 and 4.1.1 fix an issue with the browser's auto-fill feature, which is used to automatically fill out web forms using information in a user's computer or address book. The flaw could allow a maliciously crafted website to trigger auto-fill without user interaction, potentially leading to information disclosure. The patch comes one day before Jeremiah Grossman, founder and CTO of WhiteHat Security, is set to present about the vulnerability at the Black Hat conference in Las Vegas. The Safari updates also fix several flaws in WebKit, an open-source application framework. – AM

Related Articles
Related Topics

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.