Since it’s the season of giving, here’s some information you’ll want to pass along to your flock of Mac users. According to Kaspersky Lab, there is a huge gaping hole inside Apple’s default desktop browser, Safari. Although the company has only called it a “loophole”, we’re going to call it what it really is: a really easy way for someone to take all your passwords from you in one shot.
According to Kaspersky Lab, this “loophole” is related to the way Safari handles saved sessions in the browser, a very useful feature that many of us take advantage of in other browsers like Chrome and Firefox. In order to save your session, the information from each tab has to be stored somewhere, preferably somewhere secure or remote, and encrypted. In Safari’s implementation of saved sessions, the information is neither encrypted nor secured off site, so there is no protection at all for this important data, which contains your passwords and your banking information. Safari has to keep this data because it uses it to reconstruct the saved sessions that we find so useful.
Although the information is stored in a .plist file in a hidden folder, anyone who knows where to look can find all of the above-mentioned information, which would grant them direct access to all your social media and email accounts as well. It’s basically like leaving a key under your doormat at this point. Until Apple issues a statement or a fix, we recommend that you clear out all your session information, such as cookies, caches, and history, and stop using Safari immediately. But of course, not before you download a replacement browser. Chrome or Firefox (or even Opera) come to mind.
Since Apple constantly advertises the fact that their systems are secure and virus-proof, a lot of Mac users out there will be sitting ducks. It’s up to us to keep the people we care about safe. Make sure you pass along the info ASAP, especially with all the holiday shopping happening at barely secure Internet cafes all around the world.
Note: The problem only affects OS X 10.8.5 running Safari 6.0.5 (8536.30.1) and OS X 10.7.5 with Safari 6.0.5 (7536.30.1).