This apparently applies to Safari on Macs, and there is no word yet on whether it also applies to the Windows version of Apple’s browser, but the folks over at 9 to 5 Mac have posted an alarming notice telling all Safari users to immediately disable the browser’s autofill feature.
As shown in the proof-of-concept code (graciously hosted by Robert “RSnake” Hansen), the entire process takes mere seconds and represents a major breach in online privacy. This attack could be further leveraged in multistage attacks including email spam, (spear) phishing, stalking, and even blackmail if a user is de-anonymized while visiting objectionable online material.
Sometimes the best hacks are the simplest ones, but it also goes to show that security problems aren’t just the province of any one tech company.
image courtesy of 9 to 5 Mac