Passwords are what identify us in a web. Thanks to them we can log in and make known to the system that we really are and not someone else who is trying to impersonate our identity. Therefore, passwords are one of the aspects most targeted by hackers and either through or malware exploiting vulnerabilities detected in certain applications, looking for ways to seize them.
On this occasion the web Apple Safari browser, has suffered a fairly serious vulnerability that could allow an attacker to exploit the browser for user passwords are stored on it.
The vulnerability in question is found in the actions that Safari takes to close a session and restore it later. Any browser should save the open sessions in a directory so that in case of closure, can be restored. The problem is that Safari saves sessions in a plist file should be encrypted but it is not, actually. Anyone could access this file and have access to the accounts that were open in the browser.
The role of “reopen all tabs from last session” loads the file LastSession.plist is where the passwords of all open sessions of the tabs are stored. This can be dangerous because, although these files are stored in hidden folders, any user or malware can access it, retrieve and access passwords.
For now, the only version of Safari affected by this vulnerability is Safari 6.0.5. Apple is likely not to refresh your browser later and fix this vulnerability by applying an encryption or hiding the session data in other ways to prevent access.
From our blog recommend Safari users using another browser until Apple update your browser and you can avoid such easy access to passwords.
Do you use Safari? Have you already taken the necessary steps to prevent a hacker can access your passwords?