An attempt by Apple to protect the Safari browser log in macOS Mojave has a security hole that gives full access to a rogue app, says a Mac and IOS developer.
Before Mojave, your browser log was freely available to any app that looked into ~ / Library / Safari. However, in MacOS 10.14, Apple lay down so well that you can't even list the contents of Terminal – in theory …
Jeff Johnson, a developer who worked at Knox and RSS reader Vienna before creating StopTheMadness and Underpass, discovered a fault in the protection.
Mojave gives special access to this folder for just a few apps, such as the Finder. However, I have discovered a way to bypass these protections in Mojave and allow apps to look into
~ / Library / Safariwithout getting permission from the system or from the user. There is no permission dialog, It Just Works. ™ In this way, a malware app can secretly break the user's privacy by examining the browser log […]
My bypass works with "hardened runtime" enabled. Thus, an app with the ability to spy on Safari can be "notarized" by Apple (as long as it has passed its automated malware checks, which I suppose would not be a problem). My bypass doesn't work with sandboxed apps, as far as I can tell.
It's not a big problem, as sand-shipped Mac apps, such as those coming from the Mac App Store, can't access folders outside their containers, so this would not be exploited by malicious code in those apps. To be in danger, you need to authorize an app downloaded from elsewhere – something you should only do with a developer you trust.
It doesn't make Mojave any less than previous versions of macOS, only potentially no more sure Johnson said Threatpost.
To use an analogy, what I have discovered is a way to bypass a lock. But it is safer to have a locked door than to have a door without a lock. Mojave has an incorrect lock. High Sierra and earlier have no lock. On the High Sierra, there is no privacy protection for folders like ~ ~ / Library / Safari & # 39; so the technique I used at Mojave would also work on High Sierra, but it's not surprising for the High Sierra. The surprise is that the technique still works on Mojave.
Johnson says he has passed complete information on the vulnerability of Safari's browsing history to Apple, but expects a solution to take some time.