Safari compromises keychain security

Safari's complete history deletion erases keychain passwords in total violation of Apple's security guarantee. The application displays a request for keychain access and systematically deletes the data, even if access is refused.



This very serious problem was first detected with Safari 17.0 under Ventura 13.6 (Safari 17.0 clear history command deletes… - Apple Community). It still persists with Safari 17.2.1 under Sonoma 14.2.1.


Two security reports have been sent to Apple. The response is edifying: here it is, verbatim:

Thanks for your report. Although we have determined that it doesn’t have security implications that affect our products or services, we appreciate you taking the time to report it to us. If you have additional info that you’d like us to consider, you can include it below, and we’ll let you know if we review the report again.

Apple Product Security

Is Apple messing with us?


Alain



Posted on Dec 20, 2023 4:37 AM


Dec 20, 2023 9:32 AM in response to moi160

moi160 wrote:

Safari's complete history deletion erases keychain passwords in total violation of Apple's security guarantee. The application displays a request for keychain access and systematically deletes the data, even if access is refused.


https://discussions.apple.com/content/attachment/3ab4fb22-358a-4754-867a-bbbc87310c98

This very serious problem was first detected with Safari 17.0 under Ventura 13.6 (Safari 17.0 clear history command deletes… - Apple Community). It still persists with Safari 17.2.1 under Sonoma 14.2.1.

Two security reports have been sent to Apple. The response is edifying: here it is, verbatim:

Thanks for your report. Although we have determined that it doesn’t have security implications that affect our products or services, we appreciate you taking the time to report it to us. If you have additional info that you’d like us to consider, you can include it below, and we’ll let you know if we review the report again.

Apple Product Security
Is Apple messing with us?

Alain




I never tried deleting complete history—


My only recommendation: don't remove or delete complete history in your Safari browser if it is an issue.



Keychain Access.app stores passwords; you can look there.


ref: Keychain Access User Guide for Mac





Call Customer Support (800) MY–APPLE (800–692–7753)

or online: https://getsupport.apple.com/


Outside the USA—Contact Apple for support and service by phone

See a list of Apple phone numbers around the world.

Contact Apple for support and service - Apple Support



Official Apple Support Community

Apple Support Communities - French





