The Safari 5.0.1 update -- and the corresponding v4.1.1 update for Tiger -- finally fix a serious AutoFill vulnerability, an Apple security note reveals. Using a carefully-crafted site and JavaScript, vulnerable versions of Safari can be tricked into entering and sending personal information without consent. Knowledge of the threat has allegedly been in the public domain for about a year, but until now not dealt with by Apple.
