Safari On Mac Now Vulnerable To Browser History Theft

There’s a new macOS security flaw you and your staff need to be aware of.  It was discovered by Jeff Johnson, the developer of the Underpass app for both Mac and iOS, and the StopTheMaddness Safari browser extension.

Fortunately, the new flaw is not one that can be exploited remotely.  Users would have to be tricked into installing a malicious app via social engineering or other tricks.

On the other hand, the flaw is critical and impacts all known macOS Mojave versions.

Mr. Johnson had this to say about the matter:

“On Mojave, certain folders have restricted access that is forbidden by default.  For example, ~/Library/Safari.  In the Terminal app, you can’t even list the contents of the folder.  However, I’ve discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari without acquiring any permission from the system or from the user.  There are no permission dialogs.  It Just Works.  In this way, a malware app could secretly violate a user’s privacy by examining their web browser history.”

Johnson reached out to Apple privately and shared the full details of the flaw, but refused to provide more details than the above to the general public, saying that since the issue has yet to be patched, he does not want to put macOS users at risk.

Although Apple has formally acknowledged his report, the company has to this point provided no information on some things. This includes what level of importance they’re giving a fix for the issue, and what their time frame might be in terms of issuing a fix.

It’s a serious issue, no doubt, but there’s a lack of public details about it. The fact that it can’t be executed remotely suggests it’s not as big a threat as it could be.  Even so, be mindful of it until Apple issues a fix.