Security flaw: Safari endangers storing user passwords

By -

Security experts have complained that the Apple web browser, Safari, endangers storing user passwords, due to a fault in the information stored.

For the browser know what was open in the previous session, the relevant information must be stored somewhere and explained from Kaspersky Labs, must be encrypted. “The problem is that Safari does not encode the previous sessions and stored in a common file format plist that is easily accessible.”

According to the security company, “it would not be difficult to find the login credentials of the user”, since the entire site authorized session is stored in the plist file, “in full view though it was used https”.”The file itself is located in a hidden folder, but anyone can read it.” The system can open a plist file without problems and saves session information, including encrypted http requests using a simple Base64 encoding algorithm in structured format. Specifically, the function ‘Reopen all windows from last session’ that makes sites open as they were at the end of the last session. It is the function that uses LastSession.plist and is available in versions of Mac OS X and Safari # # OSX10.8.5, Safari 6.0.5 (8536.30.1) and # # OSX10.7.5, Safari 6.0.5 (7536.30.1 ).

According to experts at Kaspersky Lab, would be a “big problem” that cyber criminals or a malicious program file LastSession.plist had access to a system in which the user enters a Facebook, Twitter, LinkedIn or your bank account online. In this sense, the company reported that so far has not detected any malware that is trying to exploit this vulnerability, but adds that “will soon appear if not addressed before by Apple.”


He have started blogging on Technology and computer at his college time in 2005 and worked with many reputed organization in India. He wrote many guest post for Technology magazine and newspapers worldwide. His writing and passion about Technology make him different from other writers in the global market. He love to write the review and thoughts on any new Technology and invention in current happenings.

Comments are closed.