Kaspersky researchers have notified Apple of the security hole

Dec 13, 2013 10:44 GMT

Kaspersky researchers have come across a serious security hole in some versions of Apple’s Safari web browser. The vulnerability can be leveraged by hackers to gain access to user passwords.

Experts say that the flaw – which impacts OS X 10.8.5 with Safari 6.0.5 (8536.30.1) and OS X 10.7.5 with Safari 6.0.5 (7536.30.1) – exists because of the “Reopen All Windows from Last Session” feature.

This feature allows users to restore their previous sessions exactly as they were before the session was closed. This means that if you were logged in on a website before closing the session, you will be automatically logged in again when you restore the session.

However, for this to work, Safari needs to store the information somewhere. Everything is stored in a file located in a hidden folder. Unfortunately, the sensitive data is not encrypted.

The file in question, LastSession.plist, shows all user credentials in clear text.

“The system can easily open a plist file. It stores information about the saved session – including http requests encrypted using a simple Base64 encoding algorithm – in a structured format,” Vyacheslav Zakorzhevsky, a Kaspersky Lab expert, explained in a blog post.

A local attacker would have no problem accessing the file. Likewise, it’s not difficult for a malicious program to access the file and retrieve credentials for social media and even online banking websites.

Kaspersky says that there’s no evidence that there is such a piece of malware out there. However, experts believe that it’s only a matter of time before one appears.

The IT security firm says it has notified Apple of the issue, but it hasn't revealed if the company plans on doing anything about it.

Until this issue is addressed, users of the aforementioned versions should consider using another web browser.