Older versions of Safari for Mac store unencrypted user login credentials in a plain text file, according to security firm Kaspersky (via ZDNet). Safari saves the information in order to restore a previous browsing session, reopening all sites, even those that require authentication using the browser's "Reopen All Windows from Last Session" functionality.

safari_loophole_01

Plist file screenshot showing login credentials from Kaspersky

It turns out that Safari for Mac OS, like many other contemporary browsers, can restore the previous browsing session. In other words, all the sites that were open in the previous session – even those that required authorization – can be restored in a few simple steps when the browser is launched. Convenient? Of course. Safe? No, unfortunately.

Safari 6.0.5 for OS X 10.8.5 and 10.7.5 does not encrypt previous sessions, storing them instead in a standard LastSession.plist file that includes website usernames and passwords. Though the file is located in a hidden folder, it is still easily accessible and can be opened on any system.

Apple fixed this issue in Safari 6.1, which was released alongside OS X 10.9 Mavericks. Mac users running Mavericks or those who have installed the Safari 6.1 update for OS X 10.8 Mountain Lion or OS X 10.7 Lion will not be affected. This problem is limited to users running Safari 6.0.5 and can be remedied by upgrading to the latest software.

Top Rated Comments

john.jansen Avatar
john.jansen
143 months ago
Thats totally misleading, firstly there is no point in encrypting data which can be seen in the browser address bar when the previous session is restored. Secondly, those are url params, sent in plain text over the wire. The problem with the example shown is not at the browser end, its the site at the other end which uses url params for auth over http not https.

Storm in a teacup anyone?
Score: 22 Votes (Like | Disagree)
batchtaster Avatar
batchtaster
143 months ago
Has nobody looked at Firefox's Saved Passwords feature? Literally the only security is a button labeled "Show Passwords". And it's been that way for years.

Score: 11 Votes (Like | Disagree)
osx11 Avatar
osx11
143 months ago
Sometimes it amazes me how simple things like this go unnoticed for so long.
Score: 8 Votes (Like | Disagree)
cantona1995 Avatar
cantona1995
143 months ago
Has nobody looked at Firefox's Saved Passwords feature? Literally the only security is a button labeled "Show Passwords". And it's been that way for years.

Image (http://cdn2.brunocunha.com/blog/wp-content/uploads/2013/08/firefox-passwords.png)

But you need to enter the Master Password to see them and the file that contains the passwords on the filesystem has its contents encrypted so not the same at all
Score: 5 Votes (Like | Disagree)
iSee Avatar
iSee
143 months ago
Thats totally misleading, firstly there is no point in encrypting data which can be seen in the browser address bar when the previous session is restored. Secondly, those are url params, sent in plain text over the wire. The problem with the example shown is not at the browser end, its the site at the other end which uses url params for auth over http not https.

Storm in a teacup anyone?

BOOM! You just sunk Kaspersky's battle ship.
Score: 4 Votes (Like | Disagree)
rboerdijk Avatar
rboerdijk
143 months ago
<sarcasm on>
If the password is visible in plaintext, it means the NSA will catch more terrorists. So this is basically a good thing.
</sarcasm off>
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

General Black Friday Deals 24 Green Tinsel

Apple Black Friday Deals Available Now: AirPods, iPads, and More

Friday November 22, 2024 5:28 am PST by
Black Friday 2024 is less than one week away, and as always the next few days will be the best time of the year to shop for great deals. Right now, this includes big savings on popular Apple products like AirPods, Apple Watch, MacBook Air, iPad, and more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small...
Read Full Article38 comments
anker new xmas 1

Anker Kicks Off Massive Black Friday Sale With Up to 50% Off Sitewide, Free Gifts With Purchase, Mystery Boxes, and More

Thursday November 21, 2024 7:53 am PST by
Anker today kicked off its big Black Friday sale, which is set to run through December 9. This sale includes notable discounts on portable chargers, USB-C hubs, cables, and more. Note: MacRumors is an affiliate partner with Anker. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. There are a few bonus offers during this event as ...
Read Full Article23 comments
iPhone SE 4 Thumb 1

iPhone SE 4 With Apple's Own 5G Modem 'Confirmed' to Launch in March

Tuesday November 19, 2024 12:12 pm PST by
Barclays analyst Tom O'Malley and his colleagues recently traveled to Asia to meet with various electronics manufacturers and suppliers. In a research note this week, outlining key takeaways from the trip, the analysts said they have "confirmed" that a fourth-generation iPhone SE with an Apple-designed 5G modem is slated to launch towards the end of the first quarter next year. In line with previo...
Read Full Article131 comments
Apple 2024 Black Friday Shopping Event feature

Apple Announces 2024 Black Friday Event, Offering Up to $200 Gift Card

Thursday November 21, 2024 5:10 am PST by
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 29 through Monday, December 2 in many countries, including the U.S., Canada, Australia, France, Germany, Italy, Spain, the U.K., and others. During the event, customers can get an Apple gift card with the purchase of an eligible product. In the U.S., for instance, Apple is including gift ...
Read Full Article69 comments
silo tv show apple tv plus

Apple TV+ Releasing Next Week's 'Silo' Episode Early

Friday November 22, 2024 7:25 am PST by
The next episode of Apple TV+'s award-winning sci-fi series "Silo" will be released early. Apple previously announced that new "Silo" episodes would be released on Fridays, but the third episode of the second season will instead be released on Wednesday, November 27. Apple has likely bumped up the date so that people can watch the episode during the U.S. Thanksgiving holiday on Thursday,...
Read Full Article63 comments
ipads early bf deals

7 Best Black Friday iPad Deals for 2024

Saturday November 23, 2024 1:44 pm PST by
We're less than one week away from Black Friday on November 29, and Best Buy and Amazon currently have all-time low prices across Apple's entire iPad lineup. This includes Apple's 9th and 10th generation iPad, iPad mini 7, iPad Air, and iPad Pro. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which...
Read Full Article16 comments
at t turbo indicator iphone 16 pro max v0 8hrh7w5f3w1e1

AT&T Turbo Indicator Showing Up in iPhone Status Bar for Subscribers

Wednesday November 20, 2024 3:42 am PST by
AT&T has begun displaying "Turbo" in the iPhone carrier label for customers subscribed to its premium network prioritization service, according to reports on Reddit. The new indicator seems to have started appearing after users updated to iOS 18.1.1, but that could be just coincidence. Image credit: Reddit user No_Highlight7476 The Turbo feature provides enhanced network performance through ...
Read Full Article108 comments
Generic iOS 19 Feature Mock

iOS 19's First New Feature Has Leaked

Friday November 22, 2024 6:22 am PST by
iOS 19 is not expected to be announced until June 2025, but the software update's first major new feature has already leaked. Bloomberg's Mark Gurman this week reported that iOS 19 will introduce a "more conversational Siri" powered by "more advanced large language models." He said this upgrade will make Siri more like OpenAI's ChatGPT, allowing the assistant to "handle more sophisticated...
Read Full Article