Safari On Mac Now Vulnerable To Browser History Theft

March 14, 2019

Written by wukovits

safari on mac now vulnerable to browser history theftThere’s a new macOS security flaw you and your staff need to be aware of.  It was discovered by Jeff Johnson, the developer of the Underpass app for both Mac and iOS, and the StopTheMaddness Safari browser extension.

Fortunately, the new flaw is not one that can be exploited remotely.  Users would have to be tricked into installing a malicious app via social engineering or other tricks.

On the other hand, the flaw is critical and impacts all known macOS Mojave versions.

Mr. Johnson had this to say about the matter:

“On Mojave, certain folders have restricted access that is forbidden by default.  For example, ~/Library/Safari.  In the Terminal app, you can’t even list the contents of the folder.  However, I’ve discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari without acquiring any permission from the system or from the user.  There are no permission dialogs.  It Just Works.  In this way, a malware app could secretly violate a user’s privacy by examining their web browser history.”

Johnson reached out to Apple privately and shared the full details of the flaw, but refused to provide more details than the above to the general public, saying that since the issue has yet to be patched, he does not want to put macOS users at risk.

Although Apple has formally acknowledged his report, the company has to this point provided no information on some things. This includes what level of importance they’re giving a fix for the issue, and what their time frame might be in terms of issuing a fix.

It’s a serious issue, no doubt, but there’s a lack of public details about it. The fact that it can’t be executed remotely suggests it’s not as big a threat as it could be.  Even so, be mindful of it until Apple issues a fix.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...

Send us a message

Your message was sent.