The host is installed with Apple Safari before 3.1 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to properly mask the password field when reverse conversion is used with the Kotoeri input method. Successful exploitation allows physically proximate attackers to read the password.