Apple Safari Security Update Patches AutoFill Flaw
Apple patches a vulnerability in its Safari browser a day before a presentation at the Black Hat security conference was set to put the issue on display.
Apple has patched a bug in Safari just 24 hours before it featured in a researcher's presentation about browser exploits. The Safari AutoFill flaw was among 15 fixed by Apple July 28 in a Safari update. All but two of the bugs reside in the WebKit browser engine. Several of the WebKit bugs could lead to arbitrary code execution, such as a memory corruption issue in WebKit's handling of regular expressions that could be used by a malicious site to execute code.
Much of the attention, however, has focused on the AutoFill flaw, which will be part of a presentation July 29 by WhiteHat Security CTO Jeremiah Grossman at the Black Hat security conference in Las Vegas. By taking advantage of what Apple called an "implementation issue," Grossman discovered, it was possible for attackers to abuse Safari's AutoFill feature to swipe names, addresses and other information from Safari users.