Security Flaw in macOS Mojave Allows Safari History Access to Rogue Apps

Discovered by a Mac and iOS developer named Jeff Johnson, a security hole in macOS Mojave offers rogue apps full access to a users Safari browsing history, 9to5Mac is reporting. The flaw exists despite the fact that Apple has tightly locked down access to browsing history in macOS 10.14, which was previously available to any app freely.

Fortunately, the flaw is not exploitable by malicious code in sandboxed Mac apps, such as those from the Mac App Store, as they are unable to access folders outside of their containers.

Johnson, who worked on Knox and RSS reader Vienna before creating apps like StopTheMadness and Underpass, says that although this security hole doesn’t make Mojave any less secure than earlier versions of macOS, it just doesn’t make it more secure either:

Mojave provides special access to this folder for only a few apps, such as Finder. However, I’ve discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari without acquiring any permission from the system or from the user. There are no permission dialogs, It Just Works.™ In this way, a malware app could secretly violate a user’s privacy by examining their web browsing history […]

To use an analogy, what I’ve discovered is a way to bypass a lock. But still, having a locked door is more secure than having a door without a lock. Mojave has a flawed lock. High Sierra and earlier have no lock.

Johnson has already passed all the details of the Safari browsing history vulnerability to Apple and is expecting a possible fix in the near future.