A very serious security vulnerability still exists in Safari, claims the CTO of WhiteHat Security. Jeremiah Grossman observes that on sites where Safari's AutoFill feature can be used, the browser will automatically populate certain fields with data from a computer's Address Book, whether or not a person has ever been to the page. By creating a malicious site with the right fields, then simulating keystrokes using JavaScript, it should be possible to collect personal information without the victim's consent.