Turns out the latest Safari is still vulnerable.

wchen-r7 · wchen-r7 · commit 78db7429d071 · 2013-12-24T19:27:45.000-06:00
The version check is currently disabled because turns out the latest
Safari (6.1.1) is still vulnerable - I can still loot it in plain
text.
diff --git a/modules/post/osx/gather/safari_lastsession.rb b/modules/post/osx/gather/safari_lastsession.rb
@@ -183,6 +183,7 @@ def run
     #
     # If this is an unpatched version, we try to extract creds
     #
+=begin
     version = get_safari_version
     if version.blank?
       print_warning("Unable to determine Safari version, will try to extract creds anyway")
@@ -192,6 +193,7 @@ def run
     else
       vprint_status("#{peer} - Safari version: #{version}")
     end
+=end
 
     #
     # Attempts to convert the XML file to an actual XML object, with the <array> element

Original file line number	Diff line number	Diff line change
`@@ -183,6 +183,7 @@ def run`
`183`	`183`	`#`
`184`	`184`	`# If this is an unpatched version, we try to extract creds`
`185`	`185`	`#`
	`186`	`+=begin`
`186`	`187`	`version = get_safari_version`
`187`	`188`	`if version.blank?`
`188`	`189`	`print_warning("Unable to determine Safari version, will try to extract creds anyway")`
`@@ -192,6 +193,7 @@ def run`
`192`	`193`	`else`
`193`	`194`	`vprint_status("#{peer} - Safari version: #{version}")`
`194`	`195`	`end`
	`196`	`+=end`
`195`	`197`
`196`	`198`	`#`
`197`	`199`	`# Attempts to convert the XML file to an actual XML object, with the <array> element`