Cookies are a fundamental part of our everyday web access. We take them for granted and freely give websites access to relevant “cookies” in our browsers because they dramatically enhance our user experience. Cookies are considered “persistent” if they last beyond a single browser session. Persistent cookies remain in your browser until you explicitly erase them or your browser deletes them after a given duration (set by the site using the cookie).
Typical examples of websites that use persistent cookies are your favorite webmail sites like Gmail and Yahoo!. They use use persistent cookies to remember you, so you don’t have to log in every time you go to get your email.
Zscaler discovered a vulnerability in Apple’s recent OS X version (El Capitan), which enabled applications that did not have the appropriate privileges to access cookies stored in the Safari browser. This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user. In the case of email (like those of the sites mentioned above), it could result in a malicious application getting access to all your email. Worse, it could gain access to a site that stores more personal and confidential information about you.
Today, Apple released a new update to El Capitan v10.11.6 with Security Update 2016-004 that addresses this vulnerability. More details of the release are here.
Some popular sites using persistent cookies include the following:
More information on websites using persistent cookies can be found at w3techs.com.
Stay up to date on the latest threats and trends by reading posts from the Zscaler Research Team’s blog.