Think the Safari Browser is Secure? Guess Again and Welcome to the Jungle Baby
The web is a jungle filled with potential danger at every turn, and if you plan to surf through it with Safari, well, that's certainly your prerogative. However, be aware that it's not the safest vehicle for navigating cyberspace, and we're not talking about just the dated version that's available for Windows, either -- a recent version of Safari on Mac OS has a pretty big security flaw.
Kaspersky Labs discovered through its Securelist division that Safari essentially leaves you with your pants around your ankles when saving a previous browsing session. The ability to restore a previous browsing session is something Safari is able to do, as can most other modern browsers, however the method by which these sessions are saved is anything but secure.
To save (and later restore) a browsing session, that data has to be saved. The problem with Safari is that it doesn't encrypt that data and instead stores your session in a standard plist file, making it that much easier to find and steal sensitive data such as the usernames and passwords you use to log into different websites.
The plist file itself is located in a hidden folder, but if a miscreant managed to dig it up, he or she would have full view of the complete authorized session despite the use of https, Securelist says. This includes websites like Facebook, LinkedIn, and even banking websites.
Securelist says it notified Apple of the issue and as of Safari 6.1, the vulnerability appears to have been fixed. If you're running Safari 6.0.5 on Mac OS X 10.7.5 or 10.8.5, be sure to update your Safari browser ASAP.
Kaspersky Labs discovered through its Securelist division that Safari essentially leaves you with your pants around your ankles when saving a previous browsing session. The ability to restore a previous browsing session is something Safari is able to do, as can most other modern browsers, however the method by which these sessions are saved is anything but secure.
To save (and later restore) a browsing session, that data has to be saved. The problem with Safari is that it doesn't encrypt that data and instead stores your session in a standard plist file, making it that much easier to find and steal sensitive data such as the usernames and passwords you use to log into different websites.
The plist file itself is located in a hidden folder, but if a miscreant managed to dig it up, he or she would have full view of the complete authorized session despite the use of https, Securelist says. This includes websites like Facebook, LinkedIn, and even banking websites.
Securelist says it notified Apple of the issue and as of Safari 6.1, the vulnerability appears to have been fixed. If you're running Safari 6.0.5 on Mac OS X 10.7.5 or 10.8.5, be sure to update your Safari browser ASAP.
