Seth Rosenblatt reports:
The autofill option in Apple’s Safari browser can expose personal data without the user’s consent, a security researcher reported on Wednesday. It remains unclear as to whether the problem affects Safari specifically or all WebKit-based browsers, which include Google Chrome. It’s recommended that Safari and Chrome users disable the autofill feature immediately, until further notice.
Jeremiah Grossman, the chief technical officer of WhiteHat Security, documented the exploit in a blog post on Wednesday, saying that it affects both the current version of Safari, version 5, and the legacy version, Safari 4. He said that the exploit is severe enough that a malicious Web site can access autofill information from Safari without the user entering in any personal information on the site, or even if the user had never visited the site previously.
Read more on cnet.