Original article from Jeremiah Grossman of WhiteHat Security
Followup from betanews
Be careful out there....
Apple was notified on June 17th. Might be wise to disable AutoFill until a fix occurs.Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address.