Jul 22
Safari v4 and v5 security flaw
All a malicious website would have to do to surreptitiously extract Address Book card data from Safari is dynamically create form text fields with the aforementioned names, probably invisibly, and then simulate A-Z keystroke events using JavaScript. When data is populated, that is, AutoFill’ed, it can be accessed and sent to the attacker.
Some creative Safari hacking which only works on a Mac (i.e. not iOS).
