The host is installed with Apple Safari before 6.1.1 or 7.0.0 and is prone to remote code execution vulnerability. A flaw is present in the application, which fails to handle crafted HTML. Successful exploitation allows attackers to cause the browser to autofill user credentials to a subframe from a different domain.