Jeremiah Grossman

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 5.0.6 **Description** The issue allows remote attackers to obtain Address Book information via a crafted form. This occurs because Apple Safari provides AutoFill information to scripts that execute before HTML form submission. **Recommendations** For versions prior to 5.0.6, update to version 5.0.6 or later to resolve the issue. As a temporary workaround, consider disabling the AutoFill feature until a patch is available. Restrict access to sensitive information stored in the Address Book to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows Safari versions prior to 4.1.1 on Mac OS X 10.4 **Description** The issue allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields. This is related to the AutoFill feature. **Recommendations** For Safari versions prior to 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0.1 or later. For Safari versions prior to 4.1.1 on Mac OS X 10.4, update to version 4.1.1 or later.

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 9.0.124.0 and earlier Description: The issue allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements. This can be used to hijack the camera or microphone and is related to "clickjacking." Recommendations: For Adobe Flash Player versions 9.0.124.0 and earlier, update to a version later than 9.0.124.0 to resolve the issue.