Secunia ranks Apple first in software insecurity, Safari said to have AutoFill vulnerability
Bad news, Oracle. You've slipped to second place for the first time in years. The good news is that it's in Secunia's ranking of the top ten companies with the most software vulnerabilities, which is now topped by Apple -- Microsoft remains in third place, followed by HP and Adobe. According to Secunia, Apple's vulnerabilities are mostly not in OS X, but in Safari, iTunes and other applications. What's important to note, however, is that Secunia's definition of "vulnerability" doesn't simply include dangerous, exploitable vulnerabilities, so the rankings don't necessarily indicate which software is the most insecure from a user's point of view.
One vulnerability that is potentially serious, however, is an issue with Safari's AutoFill feature recently discovered by Jeremiah Grossman of WhiteHat Security. According to Grossman, a malicious website can exploit the feature to pull data from a user's address book without their knowledge, which has been demonstrated to take "mere seconds" by a bit of proof-of-concept code (you can try it out yourself if you're feeling trusting). Grossman also says he's informed Apple of the vulnerability but hasn't received a response, and suggests that the only "fix" in the meantime is to turn off the AutoFill feature completely.
Update: AllThingsD has a statement from Apple on the AutoFill issue -- a spokesperson says "we take security and privacy very seriously," and that, "we're aware of the issue and working on a fix."
Secunia ranks Apple first in software insecurity, Safari said to have AutoFill vulnerability originally appeared on Engadget on Thu, 22 Jul 2010 15:31:00 EDT.
Ars Technica, 9 to 5 Mac | Secunia (PDF), Jeremiah Grossman | Source: Engadget
