RE: Apple Safari on MacOSX may reveal user's saved passwords
If I'm reading this correctly, there has to be a malicious user at the
console of a logged in computer (or connected in some other
authenticated way). If I have a malicious user at my console logged in
as me, I've got more problems than web form passwords being revealed.
Am I reading this incorrectly?
> Apple Safari on Macosx may reveal user's saved passwords. A local user
with
> legitimate access to the system is able to steal keychained password
by injecting
> javascripts into a loaded webpage via applescript.
> It seems that safari fails to validate the source of injected code,
however apple
> belives this is the correct behaviour so no fixes will be made
available.
討論串 (同標題文章)
完整討論串 (本文為第 1 之 5 篇):