Browser’s built-in Autofill exploit can gather information from the address book.
If you are a Safari user, you might perk your ears this way. A serious security bug has been found in Safari that exposes the browser’s built-in Autofill feature to doll out information through a malicious attack. The exploit gathers information from the address book card, specifically first name, last name, work place, city, state, and email address. To read about the technical innards of the attack code, hit up the source link.
Safari users are suggested to disallow Autofill to use info from the address book. This can done through Preferences > Autofill, and uncheck ‘User info from my Address Book card’.
Source: Jeremiah Grossman.