* SUMMARY Prior to Mac OS X 10.5.2, a user's CFNetwork caches were written to "~/Library/Caches". In Mac OS X 10.5.2, they were moved to "/private/var/folders/[random characters]/-Caches-". This is a huge security issue for FileVault users, because "~/Library/Caches" is encrypted by FileVault, whereas "/private/var/folder" is not. * STEPS TO REPRODUCE 1. Create FileVault account. 2. Login to FileVault account. 3. Launch Safari. 4. Browse some web pages. 5. Logout of FileVault account. * RESULTS There is an unencrypted file at "/private/var/folders/[random characters]/-Caches-/com.apple.Safari/Cache.db" that can contain sensitive information about your web browsing session. Anyone with physical access to your machine could read that file, even when the FileVault account is logged out. * REGRESSION According to http://lists.apple.com/archives/Webkitsdk-dev/2008/Apr/msg00032.html this security issue was introduced in Mac OS X 10.5.2. * NOTES For more information, see the thread at http://lists.apple.com/archives/Macnetworkprog/2008/Apr/msg00033.html 19-May-2009 Jeff Johnson: Was this fixed in Mac OS X 10.5.7? It seems that the cache location has changed in that update. 28-May-2009: Yes, we fixed this in 10.5.7.