The fun folks at Kaspersky Labs' Securelist blog have found something nasty in Apple's Safari Browser, which they say lists user IDs and passwords in plaintext. Detailed here, the problem derives from Safari's retention of browser history as applied in the “Reopen All Windows from Last Session” feature that enables users to …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 16th December 2013 06:03 GMT Joe Gurman

Fortunately....

....until the fruit company comes up with a patch for this issue, it's possible to go to full-disk encryption on OS X 10.7 and 10.8 systems:

http://support.apple.com/kb/HT4790?viewlocale=en_US&locale=en_US .

This is yet another good reason to do so.

2 1
1. Monday 16th December 2013 07:40 GMT Anonymous Coward
  
  Re: Fortunately....
  
  While I don't disagree with full disk encryption, it won't help in this situation. Once you've logged in (a requirement for any future nasty to read the file assuming it's running in your user space) the disk is made accessible by the OS so the nasty will be able to read it.
  
  7 0
2. Monday 16th December 2013 13:49 GMT Irongut
  
  Re: Fortunately....
  
  Because full disk encrpytion will stop this.
  
  Oh wait, no it won't. Idiot.
  
  3 1
Monday 16th December 2013 07:02 GMT Anonymous Coward

Small storm in a small tea cup I think.

3 2
1. Monday 16th December 2013 08:53 GMT Anonymous Coward
  
  Shirley they have to have pwned your machine already so it's game over...?
  
  3 0
Monday 16th December 2013 07:25 GMT bigfoot780

no longer supported

I thought apple had ceased development of safari on windows. I thought they'd done enough damage with itunes.

10 6
1. Monday 16th December 2013 07:41 GMT Anonymous Coward
  
  Re: no longer supported
  
  From the article you didn't read to the end:
  
  "the problem only affects OSX10.8.5 running Safari 6.0.5 (8536.30.1) and OSX10.7.5 with Safari 6.0.5 (7536.30.1)"
  
  2 0
  1. Monday 16th December 2013 08:56 GMT Anonymous Coward
    
    Re: no longer supported
    
    So it affects an old browser on their previous OS and your machine would already have to be infected / exploited to be able to take advantage of it?
    
    1 5
Monday 16th December 2013 07:43 GMT Amazon Wageslave

Apple forward thinking

Apple have got this covered by making Safari so fecking useless that people automatically install and use a different browser.

15 4
Monday 16th December 2013 08:17 GMT Adam 1

You're closing it wrong.

8 2

This topic is closed for new posts.

Topics

Special Features

Vendor Voice

Resources

User topics

Article topics

User topics

Article topics

Old Apple Safaris leave IDs and passwords for scavengers to peck

COMMENTS

Fortunately....

Re: Fortunately....

Re: Fortunately....

no longer supported

Re: no longer supported

Re: no longer supported

Apple forward thinking

Other stories you might like

Academics probe Apple's privacy settings and get lost and confused

Apple to allow some iPhones to be repaired with used parts

Apple's failure to duck UK antitrust probe could bring £785M windfall for devs

Japan turns up heat on Apple, Google with threat of hefty fines

Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware'

World is finally buying more phones and prices are rising

Apple cuts hundreds of jobs after ditching the car project and more

Apple's GoFetch silicon security fail was down to an obsession with speed

No joke: FTC boss goes on the Daily Show and is told Apple tried to block her

Apple fans deluged with phony password reset requests

TSMC's 3nm node powers up, setting stage for tech giants' next-gen chips

Woz calls out US lawmakers for TikTok ban: 'I don’t like the hypocrisy'

About Us

Our Websites

Your Privacy