Security flaw: Safari puts stored user passwords at risk

Security experts have warned that Apple's web browser, Safari, puts user passwords at risk because of a flaw in how it stores session information.

For the browser to know what was open in the previous session, the relevant information must be stored somewhere and, as Kaspersky Lab explains, it must be encrypted. “The problem is that Safari does not encode the previous sessions and stores them in a common plist file format that is easily accessible.”

According to the security company, “it would not be difficult to find the login credentials of the user”, since the entire authorized site session is stored in the plist file, “in full view even though https was used”. “The file itself is located in a hidden folder, but anyone can read it.” The system can open a plist file without problems, and the file saves session information, including encrypted http requests, using a simple Base64 encoding algorithm in a structured format. The function involved is ‘Reopen all windows from last session’, which makes sites open as they were at the end of the last session. This is the function that uses LastSession.plist, and it is available in the following versions of Mac OS X and Safari: OSX10.8.5, Safari 6.0.5 (8536.30.1) and OSX10.7.5, Safari 6.0.5 (7536.30.1).

According to experts at Kaspersky Lab, it would be a “big problem” if cyber criminals or a malicious program gained access to the LastSession.plist file on a system where the user logs in to Facebook, Twitter, LinkedIn or an online bank account. The company reported that it has not so far detected any malware trying to exploit this vulnerability, but adds that it “will soon appear if not addressed before by Apple.”
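To make the storage problem described above concrete, here is an added example (not code from Kaspersky Lab or Apple) of a defensive audit that walks a plist, decodes its Base64 data blobs and reports which entries contain credential-like form fields, without ever returning the values. The key names, the field-name list and the sample file are constructed for illustration and are assumptions, not Safari's real layout.

```python
import base64
import binascii
import plistlib
import re

# Form-field names that suggest credentials (assumed list, extend as needed).
SENSITIVE = re.compile(rb"(?i)\b(pass(?:word|wd)?|pwd|user(?:name)?|email|token)=")

def _decode(value):
    """Raw bytes for a plist <data> value or a Base64-looking string, else None."""
    if isinstance(value, bytes):
        return value  # plistlib has already Base64-decoded <data> elements
    if isinstance(value, str) and len(value) >= 16:
        try:
            return base64.b64decode(value, validate=True)
        except (binascii.Error, ValueError):
            return None
    return None

def audit(node, path="$"):
    """Yield (key_path, field_names) for blobs holding credential-like fields."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from audit(child, f"{path}.{key}")
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from audit(child, f"{path}[{index}]")
    else:
        raw = _decode(node)
        if raw:
            names = {m.group(1).decode().lower() for m in SENSITIVE.finditer(raw)}
            if names:
                yield path, sorted(names)  # field names only, never the values

def audit_plist_bytes(blob):
    return list(audit(plistlib.loads(blob)))

# Constructed sample with hypothetical keys; not a real LastSession.plist.
SAMPLE = plistlib.dumps({"ExampleWindows": [{"ExampleTabs": [
    {"ExampleURL": "https://example.test/login",
     "ExampleState": b"POST /login HTTP/1.1\r\n\r\n"
                     b"email=alice%40example.test&password=CONSTRUCTED"},
    {"ExampleURL": "https://example.test/news",
     "ExampleState": b"GET /news HTTP/1.1\r\n\r\n"},
]}]})

if __name__ == "__main__":
    for key_path, fields in audit_plist_bytes(SAMPLE):
        print(f"{key_path}: credential-like fields {fields}")
```

A finding means the file holds recoverable form data protected only by Base64, which is the condition the article describes.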

