Safari browsing history accessible by rogue apps

An attempt by Apple to protect your Safari browsing history in macOS Mojave has a security hole which allows full access by a rogue app, says a Mac and iOS developer.

Prior to Mojave, your browsing history was freely available to any app that looked inside  ~/Library/Safari. In macOS 10.14, however, Apple locked down access so tightly that you can’t even list the contents in Terminal – in theory …

Jeff Johnson, a developer who worked on Knox and RSS reader Vienna before creating StopTheMadness and Underpass, discovered a flaw in the protection.

Mojave provides special access to this folder for only a few apps, such as Finder. However, I’ve discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari without acquiring any permission from the system or from the user. There are no permission dialogs, It Just Works.™ In this way, a malware app could secretly violate a user’s privacy by examining their web browsing history […]

My bypass works with the “hardened runtime” enabled. Thus, an app with the ability to spy on Safari could be “notarized” by Apple (as long as it passed their automated malware checks, which I suspect would be no problem). My bypass does not work with sandboxed apps, as far as I can tell.

It’s not a huge issue, as sandboxed Mac apps, like those from the Mac App Store, are unable to access folders outside of their containers, so this wouldn’t be exploitable by malicious code in those apps. To be at risk, you’d have to authorize an app downloaded from elsewhere – which is something you should only ever do with a developer you trust.

It also doesn’t make Mojave any less secure than earlier versions of macOS, just potentially no more secure, Johnson told Threatpost.

To use an analogy, what I’ve discovered is a way to bypass a lock. But still, having a locked door is more secure than having a door without a lock. Mojave has a flawed lock. High Sierra and earlier have no lock. On High Sierra there is no privacy protection for folders such as ‘~/Library/Safari’, so the technique I used on Mojave would also work on High Sierra, but that’s not surprising for High Sierra. The surprise is that the technique still works on Mojave.

Johnson says he has passed full details of the Safari browsing history vulnerability to Apple, but expects a fix to take some time.

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear