If you’re a Safari user, you might want to consider changing your browser as it would appear that Safari actually keeps your IDs and passwords as a text file, meaning that anyone with the know-how will be able to access them relatively easily. This is according to the folks at Kaspersky Labs who discovered that this problem could stem from Safari’s retention of browser history as applied in the “Reopen all Windows From Last Session” feature, which basically allows users to resume their sessions from previously closed websites. While this feature has been designed for convenience, perhaps its implementation could have been better as the document stores the IDs and passwords as plain text albeit as a hidden file.
However like we said, anyone with the know-how will be able to discover it relatively quickly and easily. As it stands, Kaspersky claims that there isn’t any malware at the moment that is targeting the exploit, so for now Safari users are safe, although in the meantime you might want to do something about and change browsers until Apple can address the issue. Kaspersky states that this only affects older versions of Safari, such as Safari 6.0.5 running on Mac OS X 10.8.5. They also claim to have contacted Apple and let them know about the exploit, but we have not heard any official statement from Apple regarding the matter just yet, but we will keep our eyes and ears peeled and update you guys accordingly.
- 2014-04-01: Safari Is The Browser Of Choice When It Comes To Mobile [Report]
- 2013-12-18: Missed Safari Update Could Signal End Of OS X Snow Leopard Support
- 2013-12-16: Kaspersky Labs Discover Bug In Safari That Stores IDs And Passwords In A Text File
- 2013-11-18: Google Has To Cough Up $17 Million In Fines Due To Anti-Tracking Snafu With Safari
- 2013-10-24: Adobe To Sandbox Flash Player For Safari Users
- 2011-07-15: Apple releases iOS 4.3.4 update
- 2011-01-28: Password security flaw on Amazon.com
- 2010-03-02: New Attack On Internet Explorer Via F1 Key
- 2010-07-22: Safari Browser's AutoFill Security Exploit Can Expose Your Personal Information
- 2010-10-15: Droid 2 Bug Allows Voice Actions Even When Locked