According to Computerworld, Safari's AutoFill feature, which is supposed to make it easier to fill out forms, could be abused by hackers to harvest personal information.
Techtree.com reports that the feature can be exploited in Safari versions 4.0 and 5.0.
When a user leaves the option to AutoFill forms using info from their Address Book card turned on and visits a maliciously crafted website, the browser automatically fills the user's information into the web page.
In a blog post, WhiteHat Security founder and CTO Jeremiah Grossman describes how a malicious hacker could take advantage of Safari's AutoFill feature. Says Grossman:
Such attacks could be easily and cheaply distributed on a mass scale using an advertising network where likely no one would ever notice because it's not exploit code designed to deliver rootkit payload.
But as PCWorld.com notes, there is an easy way to defend against such attacks: Simply disable the "Using info from my Address Book" option in the AutoFill preferences pane.