SafariBigIf you’re a Safari user, you might want to consider changing your browser as it would appear that Safari actually keeps your IDs and passwords as a text file, meaning that anyone with the know-how will be able to access them relatively easily. This is according to the folks at Kaspersky Labs who discovered that this problem could stem from Safari’s retention of browser history as applied in the “Reopen all Windows From Last Session” feature, which basically allows users to resume their sessions from previously closed websites. While this feature has been designed for convenience, perhaps its implementation could have been better as the document stores the IDs and passwords as plain text albeit as a hidden file.

However like we said, anyone with the know-how will be able to discover it relatively quickly and easily. As it stands, Kaspersky claims that there isn’t any malware at the moment that is targeting the exploit, so for now Safari users are safe, although in the meantime you might want to do something about and change browsers until Apple can address the issue. Kaspersky states that this only affects older versions of Safari, such as Safari 6.0.5 running on Mac OS X 10.8.5. They also claim to have contacted Apple and let them know about the exploit, but we have not heard any official statement from Apple regarding the matter just yet, but we will keep our eyes and ears peeled and update you guys accordingly.

Filed in Web. Read more about Bug, Safari and Security.

Related Articles
User Comments