Researchers from Kaspersky have discovered a serious security flaw in some versions of Apple's Safari web browser. The vulnerability can be exploited by hackers to gain access to user passwords.
Experts say the flaw, found in OSX 10.8.5, Safari 6.0.5 (8536.30.1) and OSX 10.7.5, Safari 6.0.5 (7536.30.1), is due to the "Open All Windows from Last Time" or "Reopen All Windows from Last Session" feature.
This feature lets users restore the tabs that were open before the browser was closed. The restored snapshot automatically logs a malicious user in to every website that the computer's legitimate owner had logged in to.
For this feature to work, Safari has to store all the information it needs somewhere. The researchers discovered a hidden folder containing all of this sensitive data. Unfortunately, Apple did not take care to encrypt it.
The file, named LastSession.plist, stores all of the credentials in plain text.
So an attacker with physical access to the computer can get all of your information.
In addition, it is not at all difficult to develop a malicious program that steals LastSession.plist.
Kaspersky says there is no indication that such malware exists; however, experts believe it is only a matter of time until it appears.