tedster - 8:50 pm on Jul 22, 2010 (gmt 0)

The original credit for reporting this should go to Jeremiah Grossman [jeremiahgrossman.blogspot.com]

It seems that a malicious website can uncover a Safari user's name, work place, city, state, and email address by hacking the auto-complete function.

And for the record, he did the honorable thing and let Apple know last month - before going public this month.

I figured Apple might appreciate a vulnerability disclosure prior to public discussion, which I did on June 17, 2010 complete with technical detail. A gleeful auto-response came shortly after, to which I replied asking if Apple was already aware of the issue. I received no response after that, human or robot.