<<< Date Index >>>     <<< Thread Index >>>

RE: Apple Safari on MacOSX may reveal user's saved passwords



If I'm reading this correctly, there has to be a malicious user at the
console of a logged in computer (or connected in some other
authenticated way).  If I have a malicious user at my console logged in
as me, I've got more problems than web form passwords being revealed.

Am I reading this incorrectly?

> Apple Safari on Macosx may reveal user's saved passwords. A local user
with
> legitimate access to the system is able to steal keychained password
by injecting
> javascripts into a loaded webpage via applescript.
> It seems that safari fails to validate the source of injected code,
however apple
> belives this is the correct behaviour so no fixes will be made
available.