Geeking out on all things security, Jeremiah Grossman details an interesting attack that could steal information stored in a web browser for use in autofill.
These fields are AutoFill’ed using data from the user’s personal record in the local operating system address book. Again it is important to emphasize this feature works even though a user never entered this data on any website. Also this behavior should not be confused with normal auto-complete data a Web browser may remember after it’s typed into a form.
Safari isn’t the only browser affected as headlined by 9 to 5 Mac. Any browser that has autofill capabilities is affected by this vulnerability, though it is reported that Safari and Internet Explorer have the potential to be more at risk from these types of attacks. The Register explains.
I always disable mine anyway since I find autofill to be a useless and annoying feature, but now I feel particularly awesome knowing my habits are keeping me safe from evil-doers. If you’re particularly wary, I would go ahead and disable these checkboxes in Safari (all of them). You should do this for other web browsers as well.
[via 9 to 5 Mac]