Safari 6.0.5 flaw can expose website passwords
Kaspersky Labs' Vyachaslav Zakorzhevsky said Safari “doesn't encrypt previous sessions and stores them in a standard plist file that is freely accessible. As a result, it's easy to find a user's login credentials.”
The file that holds site and session data is tucked away in a hidden folder, but that doesn't keep the information safe from anyone with more than a rudimentary understanding of OS X.
The upside is that Apple has fixed the security flaw as of Safari 6.1, which is the version of the browser that ships with OS X 10.9 Mavericks. There's also a Safari 6.1 update for OS X Mountain Lion, although the Kaspersky report fails to mention that either is available.
While the security flaw shouldn't have ever been there, Apple has corrected the issue with the release of OS X Mavericks and through a software update for Mountain Lion. If your Mac runs Mavericks, the security flaw isn't there, and Mountain Lion users that regularly run Software Update have been safe since October, too.