On Friday, the guys and girls at Kaspersky Security (since they’re not just an Anti-Virus company anymore) discovered a gaping ‘loophole’ in Safari’s security. Most notably, the way that Safari handles a user’s user IDs and passwords when restoring their previously closed windows in the browser. While I’m not sure why the people at Kaspersky would so generously call it a ‘loophole’ rather than a vulnerability, exploit or a security flaw, there is no doubt that there is a security issue with Apple’s Safari browser.
Security researcher Vyacheslav Zakorzhevsky, yeah, that’s a mouthful and I’m Russian, reported in his blog post on the details of the vulnerability. According to him, Safari’s recovery of previous browsing sessions to re-open tabs used in a previous session is very useful but not secure at all. As with all browsers, in order to recover a previous browsing session, that data must be stored somewhere secure and difficult to find. However, Safari’s implementation of this feature doesn’t encrypt the previous session’s data and is stored in a standard plist file that is freely acessible. He states that as a result, it is easy to find a user’s login credientials.
As a result, the users complete authorized session on the site is saved in that file and consequentially, unencrypted for anyone that knows where to look to see. The file itself is located in a hidden folder but is available for anyone to read if they know where to look. This would essentially mean that anyone attacking an Apple computer would immediately search for this plist file inside of Safari’s hidden folder and could potentially gain access to a users’s email, social media, and banking info without having to break any sort of encryption.
Furthermore, since so many Apple users are under the impression that the OSX operating system running on Macs is impervious to viruses (thanks Apple), many people using OSX and Safari will never know that they’ve been infected or that this information is readily accessible. The researchers at Kaspersky have already notified Apple regarding the issue and cannot confirm whether or not they have seen any malicious code (viruses) that has attempted to exploit this hole. Yet.
So, if you want to be safe when browsing on a Mac, use FireFox or Chrome. They’re better anyways.