User profile for user: moi160
moi160 Author
User level: Level 1
69 points

Safari 17.0 clear history command deletes passwords in keychains

Hello,


Since the Safari 17.0 update under Ventura 13.6, I notice a problem with the "Clear history" menu command. When clearing history with the "all history" option, Safari ask for a keychain password (I use several keychains other than the session one and which are locked by default).

Whether I enter the keychain password or not, Safari randomly deletes a web site password from one of the keychains each time the history is cleared.


Fortunately, since a similar problem with keychains encountered under Catalina (Passwords in Keychain Keep Getting Deleted - Apple Community resolved by Apple since) I systematically make copies of my keychains.

Moving keychains to a subfolder also prevents them from being modified by Safari.


The problem occurs on my two different machines.

The Safari 17.0 update appears to be causing the issue although it was followed immediately by the 13.6 security update. Perhaps should it be looked around also ?


Is anyone else experiencing the same problem ?


Notes:

  • MacOS Ventura 13.6
  • MacBook Pro (MacBookPro13 2018 Thunderbolt 3) & MacBook Air (M1, 2020)
  • Safari Version 17.0
  • iCloud *not* used to sync the keychain


MacBook Pro 13″, macOS 13.6

Posted on Oct 13, 2023 1:12 PM

Reply
Question marked as Top-ranking reply
User profile for user: moi160
moi160 Author
User level: Level 1
69 points

Posted on Nov 7, 2023 12:31 AM

Hello Tristan_R


I opened an Apple security research report (number OE1924096249891) but no help was given by Apple:


1st answer: "This doesn't seem to happen on the latest version of macOS Sonoma 14.1 so far. If this is happening with you, could you please show the keychain in Keychain Access to contextualize the data deleted there?"

2nd answer: "Please let us know. If you are able to reproduce this problem in the future, please let us know."


As requested by Apple, I made screen recordings showing clearly that each time the history was cleared in Safari, a new website password (secure notes and application passwords are not affected) was deleted in a seemingly random order.


No help has been forthcoming from Apple. I too have updated to Ventura 13.6.1 with Safari 17.1 to no avail. Then it occurred to me to download Ventura from the AppStore and reinstall it. I then noticed on my M1 processor Mac that the Safari version supplied was no longer 17.1 but 16.6. Curiously, the same procedure on an Intel processor installs Safari 17.1. But in both cases, after this "offline" reinstallation of the system, the password deletion problem stopped.


Have you tried reinstalling Ventura from the AppStore archive?


Alain

View in context

Similar questions

20 replies
Question marked as Top-ranking reply
User profile for user: moi160
moi160 Author
User level: Level 1
69 points

Nov 7, 2023 12:31 AM in response to Tristan_R

Hello Tristan_R


I opened an Apple security research report (number OE1924096249891) but no help was given by Apple:


1st answer: "This doesn't seem to happen on the latest version of macOS Sonoma 14.1 so far. If this is happening with you, could you please show the keychain in Keychain Access to contextualize the data deleted there?"

2nd answer: "Please let us know. If you are able to reproduce this problem in the future, please let us know."


As requested by Apple, I made screen recordings showing clearly that each time the history was cleared in Safari, a new website password (secure notes and application passwords are not affected) was deleted in a seemingly random order.


No help has been forthcoming from Apple. I too have updated to Ventura 13.6.1 with Safari 17.1 to no avail. Then it occurred to me to download Ventura from the AppStore and reinstall it. I then noticed on my M1 processor Mac that the Safari version supplied was no longer 17.1 but 16.6. Curiously, the same procedure on an Intel processor installs Safari 17.1. But in both cases, after this "offline" reinstallation of the system, the password deletion problem stopped.


Have you tried reinstalling Ventura from the AppStore archive?


Alain

Reply
User profile for user: moi160
moi160 Author
User level: Level 1
69 points

Nov 7, 2023 2:24 AM in response to Tristan_R

Hello Tristan,


Reinstalling the system with the AppStore archive is similar to reinstalling the system in Recovery mode, except that in this case the Mac's original system is proposed. Since Catalina, the system is separated from the data in two APFS containers, and Safari is no longer an application that can be installed or uninstalled, but a system component. Only the system container is reinstalled, while the second, which contains your own applications, settings and preferences (what you save with Time Machine), remains untouched.


As I own (both personally and professionally) several generations of Macs, I've made a habit of archiving the latest downloadable version of each system. Ventura 13.6.1 is still available on the Appstore.


For your information, I've just installed Sonoma 14.1 on my MacBookAir M1. Everything seems to work fine, no problem with keychains. Nevertheless, this keychain violation by the system itself is a serious security flaw that Apple shouldn't take lightly, especially as it's not the first time it's happened (have a look to discussions.apple.com/thread/250948138, discussions.apple.com/thread/250848128, discussions.apple.com/thread/250722178).


Regards,

Alain

Reply
User profile for user: Tristan_R
Tristan_R
User level: Level 1
13 points

Nov 6, 2023 6:07 AM in response to moi160

Hello,


I have the same exact problem on my MacBook Pro M1 Pro 2021 since Safari 17.0 update (running on MacOS 13.6, iCloud *not* used to sync the keychain). When clearing history with the "all history" option, Safari deletes a keychain password (a SMB password in my case).

I updated my MacBook Pro today to MacOS 13.6.1 and Safari 17.1 but the issue is still present.


Any solution from Apple Support would be appreciated as the issue is clearly causes by Safari 17.x updates !


@moi160: how did you update from the offline archive (AppStore) ? Since MacOS 13.6.1 is already up to date on my MacBook Pro, I think I won't be apple to reinstall this update from the offline archive. But it could be a solution for the next update...

Reply
User profile for user: Tristan_R
Tristan_R
User level: Level 1
13 points

Nov 7, 2023 5:09 AM in response to moi160

Hello Alain,


Thank you again for your help.

In my case, a reinstallation similar to reinstalling the system in Recovery mode will definitely result in the deletion of a specific partition that I created after I first install my MacBook Pro.

On this partition, I usually store all my personal data like documents, pictures, apps « .dmg » disk images fles for future reinstallation, …

This is a habit I’ve had with all my Mac for a very long time, probably because I come from the Windows world 😉, and also because I don’t use Time Machine backups.

Every time I restore the system to factory settings, this partition gets deleted in the process and I then have to recreate it. I think reinstalling the system via the AppStore archive will probably do the same thing …


Well, because the « Safari 17.x issue » only affects my NAS Network share password in the keychain, I think the best solution for me now is to update my MacBook to MacOS Sonoma (maybe not the current 14.1 version => I will wait for the next update) and do a system restore afterwards (via the option « Erase All Content and Settings » available from MacOS Monterey). It will almost be like a clean install.


Regards,


Tristan

Reply
User profile for user: moi160
moi160 Author
User level: Level 1
69 points

Nov 7, 2023 9:52 AM in response to Tristan_R

Hi Tristan,


I think you're confusing restoring the Mac to its original configuration with reinstalling the system. Perhaps I misspoke, I apologize. I was talking about restoring the system in recovery mode, not restoring the Mac to factory configuration. I don't see how reinstalling the system could erase your personal partition, because since BigSur this partition only concerns your data and not the system, whose Apple-specific files will be reinstalled. The only difference between the online updater and the Appstore archive seems to be the Safari version, which in our case solves the keychain violation problem.


But I would not want to be responsible for the loss of your data if you think that reinstalling the system will erase your partition, I just don't understand how because the APFS container involved is not the same. From my experience, Sonoma 14.1 is fully compatible with all my applications, except with Intaglio, an old unsupported software since 2017.


Regards

Alain


Reply
User profile for user: Tristan_R
Tristan_R
User level: Level 1
13 points

Nov 7, 2023 1:41 AM in response to moi160

Hello Alain,


Thank you very much for your answer!

No I haven’t tried reinstalling Ventura from the AppStore archive. I thought that if my system was already up to date, it was not possible to reinstall the update via this method. I can actually try that.


But before to proceed, I have an important question: what exactly dors reinstalling from AppleStore archive do? Is it like a full system restore with the loss of all my settings, apps, passwords, personal data, …, and the erasure of the system HDD? Or is it just an update « on » the update => nothing is erased during the procedure and the system is simply « updated » again?


I don’t want to do a full reinstallation of Ventura now, and lose all my data, since MacOS Sonoma is now available and I usualy do a full system restore to the last OS when it is more stable (Sonoma 14.3 or 14.4 for example).


Thank you very much in advance for your help!


Tristan

Reply
User profile for user: Tristan_R
Tristan_R
User level: Level 1
13 points

Nov 8, 2023 1:37 AM in response to moi160

Hi Alain,


Sorry for my late reply.

You are right: I was confusing restoring the Mac to its original configuration (where only system files are restored to the specific container on the Macintosh HD partition) and restoring to factory settings where all containers and partitions are erased. I found many documents on Apple Support site that explain the differences between these two procedures perfectly. I’ve no doubt that your solution will work without any problem and it won’t delete my specific partition.

I will then wait for the next Ventura update (13.6.2) and will proceed with restoring my Mac with the offline installer. Or, if no new update for Ventura is released in the next few weeks, I will update to Sonoma like you did.


I have however one regret: we will never know what causes this Keychain problem in Safari 17 and why reinstalling an update via the AppStore archive does not produce exactly the same update as via Software Update …


Thanks again for you support!


Regards,


Tristan


PS: your name « Alain » is a French name. Do you live in France like me? Of course you don’t have to answer if you don’t want 😉.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Safari 17.0 clear history command deletes passwords in keychains

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up