If you use Safari 4 or the recently released Safari 5, you could be giving personal information away without even realizing it. As security pro Jeremiah Grossman alerted us to in his blog, the Safari web browser has a feature called AutoFill, which is turned on by default to automatically fill in your name, company, city, state, country and email. Malicious websites can easily abuse this feature to pull your information without your knowledge, which could then be used in phishing scams or to send you spam email.
Think you’re safe because you haven’t filled out any address forms on the Web? Think again. AutoFill pulls your information from your Address Book card, which on Macs is automatically populated by your Apple ID. On our Windows machines, we found it to be hit or miss whether Safari could access our Address Book card. You can test your Safari browser for the vulnerability by using this website simulator.
The fix is simple. For Mac users, select Safari from the menu bar and then Preferences, click on the AutoFill icon and uncheck the box next to “Using info from my Address Book card.” For Windows users, click on the gear icon in the upper right corner, select Preferences, click on the AutoFill icon and uncheck the box next to “Using info from my Address Book card.”
Update: Apple just released an update to Safari that fixes this problem. So you can also download the new version of Safari.