Apple stands firm on their stance to evade efforts to repair a Safari bug that may be exploited to steal user passwords.
A flaw within a universal cross-site scripting (UXSS) issue is in question as a vulnerability in Apple's Safari browser identified by security researchers from Rapid7 was discovered. This particular flaw behind the .webacrchive file format happens to require specific direct user interaction before it leads to revealing saved passwords within the UXSS infrastructure.
Apple is relying on the fact that users are presented with a warning informing them that the "content was downloaded from a webpage before they open the file." This 'reasoning' is more than likely why Apple has chosen not to repair the Safari bug. Maybe Apple is preoccupied with conjuring up the next iPhone or iPad.
Having no patch or fix for this Safari Bug really leaves those who may go through the exact steps required to make their system vulnerable to an attack out in the cold. Security experts, for now, are advising users of Safari to avoid opening .webarchive files altogether.