A Safari vulnerability revealed today can be exploited to steal users' address book contact details through the autofill feature.
Apple was apparently notified about the vulnerability a month ago by blogger Jeremiah Grossman. Details that can be stolen from a user's contacts include names, place of work, address and e-mail address.
The malicious code is JavaScript that scans the autofill information and harvests whatever it can, without alerting the user. Grossman posted proof-of-concept code on a site that scans a user's info and displays what it has captured back to that user.
It's possible that the code could be hidden in websites via advertisements or other means, stealing a user's information without them knowing it. The code, however, can't scan numbers, so your phone number is safe.
The vulnerability can only be exploited on Safari 4.x and 5.0 and takes information from the Address Book on a Mac, which users are asked to fill out when they boot up for the first time. The code therefore struggles to capture information from Safari running on a Windows machine, but it still grabs some.
The vulnerability is easily blocked: just turn off autofill. Users should do this until Apple provides a fix.
