Experts at the anti-virus and internet security company Kaspersky Lab have discovered a major security loophole in older versions of Apple's Safari web browser.
Like all modern web browsers, Safari offers users the ability to restore their previous browsing session. So when a user re-launches the browser, after a reboot or system crash say, Safari can re-open all the windows that were open when the user was last logged in. This includes sites where the user had to enter authorisation credentials.
For the browser to achieve this, it has to store the session data locally on the user's Mac, and it is here that Kaspersky discovered the loophole. For the feature to be implemented securely, the local storage location must be difficult to locate and its contents must be encrypted. Kaspersky found that this is not the case: Safari does not encrypt the data, and it sits in clear text in a plist file that is easily accessible to anyone with access to the Mac.
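To make the design point concrete, here is an added illustration (not code from the article or from Apple) of the weak approach beside a hardened one: the first serialises every tab's form state into a plist, the second persists only what is needed to reopen the tabs and drops the form state of any form that carried a secret. The session layout, key names and the sensitive-field pattern are constructed for this example and are not Safari's.

```python
import plistlib
import re

# Constructed sample of what a session-restore store might hold: for each tab
# the URL, title and the captured form state (field names and values).
SAMPLE_SESSION = {
    "SessionWindows": [{"TabStates": [
        {"TabURL": "https://mail.example.test/login", "TabTitle": "Sign in",
         "FormData": {"Email": "alice@example.test", "Passwd": "hunter2"}},
        {"TabURL": "https://news.example.test/", "TabTitle": "News",
         "FormData": {"q": "safari session restore"}},
    ]}]
}

# Field names that mark a form as credential-bearing. The pattern is an
# assumption for this example, not a rule taken from Safari.
SENSITIVE_FIELD = re.compile(r"pass(wd|word)?|pwd|secret|token|otp", re.IGNORECASE)

def persist_insecure(session):
    """The weak design: serialise everything, form values included, to a plist."""
    return plistlib.dumps(session)

def scrub_form_data(form):
    """Drop the whole form state if any field looks like a secret: the
    username typed next to a password is a credential too."""
    if any(SENSITIVE_FIELD.search(name) for name in form):
        return {}
    return dict(form)

def persist_hardened(session):
    """Persist only what is needed to reopen tabs: URL, title and the
    form state of forms that carried no secrets."""
    safe = {"SessionWindows": []}
    for window in session.get("SessionWindows", []):
        tabs = [{
            "TabURL": tab.get("TabURL", ""),
            "TabTitle": tab.get("TabTitle", ""),
            "FormData": scrub_form_data(tab.get("FormData", {})),
        } for tab in window.get("TabStates", [])]
        safe["SessionWindows"].append({"TabStates": tabs})
    return plistlib.dumps(safe)

def load_session(blob):
    """Parse a serialised session plist back into a dict."""
    return plistlib.loads(blob)

def plist_contains(blob, needle):
    """Audit helper: does the on-disk plist still carry this string in clear?"""
    return needle.encode() in blob
```

Encrypting the hardened store at rest with a key held in the system keychain would address the second requirement (confidentiality of whatever is still written), which this example does not cover.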
The results of this can be seen on the Kaspersky blog, securelist.com.
The screenshot provided shows, in amongst a lot of code, the username and password used to access a Gmail account. Kaspersky go on to say that the entire session details are stored, and whilst the folder holding the plist is hidden, it can be readily accessed by anyone.
So why worry? It's only a concern if your Safari browser isn't fully up to date, or if you are using an older version of Apple OS X. Whilst Kaspersky has reported the issue to Apple and it is resolved in Safari 6.1 onwards, it won't be long before those developing malware attempt to obtain this information from devices that are out of date, if they haven't already done so.
The affected versions of OS X and Safari are:
– OS X 10.8.5, Safari 6.0.5 (8536.30.1)
– OS X 10.7.5, Safari 6.0.5 (7536.30.1)