Security hole in macOS Mojave allows rogue apps to access your Safari browsing history

“An attempt by Apple to protect your Safari browsing history in macOS Mojave has a security hole which allows full access by a rogue app, says a Mac and iOS developer,” Ben Lovejoy writes for 9to5Mac.

“Prior to Mojave, your browsing history was freely available to any app that looked inside ~/Library/Safari. In macOS 10.14, however, Apple locked down access so tightly that you can’t even list the contents in Terminal – in theory,” Lovejoy writes. “Jeff Johnson, a developer who worked on Knox and RSS reader Vienna before creating StopTheMadness and Underpass, discovered a flaw in the protection.”

“It’s not a huge issue, as sandboxed Mac apps, like those from the Mac App Store, are unable to access folders outside of their containers, so this wouldn’t be exploitable by malicious code in those apps. To be at risk, you’d have to authorize an app downloaded from elsewhere – which is something you should only ever do with a developer you trust,” Lovejoy writes. “Johnson says he has passed full details of the Safari browsing history vulnerability to Apple, but expects a fix to take some time.”

Read more in the full article here.

MacDailyNews Note: Johnson explains further:

Don’t Panic. Mojave privacy protection is a new feature in macOS 10.14. Any weakness in the privacy protection is simply a flaw in the new feature. You’re as safe on Mojave as you were on High Sierra, which did not have this feature at all. You just might not be safer on Mojave than you were on High Sierra.


    1. How would the average user know he/she was running a nefarious app? It’s not like the developer is going to tell the user that the app is accessing browser history…

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.