Think the Safari Browser is Secure? Guess Again and Welcome to the Jungle, Baby
Kaspersky Lab discovered through its Securelist division that Safari essentially leaves you with your pants around your ankles when saving a previous browsing session. Like most other modern browsers, Safari can restore a previous browsing session, but the method by which these sessions are saved is anything but secure.
To restore a browsing session later, the session data first has to be written to disk. The problem with Safari is that it doesn't encrypt that data and instead stores your session in a standard plist file, making it that much easier to find and steal sensitive data such as the usernames and passwords you use to log into different websites.
The plist file itself is located in a hidden folder, but if a miscreant managed to dig it up, he or she would have full view of the complete authorized session despite the use of HTTPS, Securelist says. This includes websites like Facebook, LinkedIn, and even banking websites.
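To see why an unencrypted plist offers no protection for saved form data, here is an added audit example (not code from Securelist or Apple) that parses a plist with Python's standard `plistlib` and reports where credential-like fields sit in readable form, without printing their values. The sample plist is constructed, and its key names and the keyword list are assumptions, not Safari's real session schema.

```python
import plistlib
import re

# Field names that suggest credentials or session secrets (assumed heuristic).
SENSITIVE = re.compile(r"pass|user|login|token|session|cookie", re.I)

# Constructed sample: NOT Safari's real schema, just a plist with nested form data.
SAMPLE_PLIST = plistlib.dumps({
    "Windows": [{
        "Tabs": [{
            "URL": "https://bank.example/login",
            "FormData": {"username": "alice", "password": "hunter2-constructed"},
        }, {
            "URL": "https://news.example/",
            "FormData": {"q": "weather"},
        }],
    }],
})

def find_sensitive_fields(plist_bytes):
    """Return (path, length) for each string/bytes value stored readable
    under a credential-like key. The values themselves are never returned."""
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            for key, value in node.items():
                child = f"{path}/{key}"
                if isinstance(value, (str, bytes)) and SENSITIVE.search(key):
                    findings.append((child, len(value)))
                else:
                    walk(value, child)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    # plistlib auto-detects XML and binary plists; neither format is encrypted.
    walk(plistlib.loads(plist_bytes), "")
    return findings

if __name__ == "__main__":
    for path, length in find_sensitive_fields(SAMPLE_PLIST):
        print(f"plaintext value ({length} chars) at {path}")
```

The binary plist format is just as readable as the XML one, so converting between them does not mitigate the exposure; only encrypting the stored session or not persisting the sensitive fields does.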
Securelist says it notified Apple of the issue and as of Safari 6.1, the vulnerability appears to have been fixed. If you're running Safari 6.0.5 on Mac OS X 10.7.5 or 10.8.5, be sure to update your Safari browser ASAP.