Watch out! MacOS vulnerability could expose your Safari browsing history
MacOS Mojave has been plagued by a security flaw, one that could expose your Safari browsing history. The bug exists in the security system of the OS and could be exploited through a malicious app. However, worry not, you are not at risk unless you have installed a non-sandboxed app from third-party sources. Here's more on the issue.
MacOS Mojave's security feature
In September 2018, Apple took MacOS security to a whole new level by introducing new privacy protections with Mojave 10.14. The features restricted apps' access to certain folders, thereby making it impossible to read their contents. But, just recently, developer Jeff Johnson found a loophole in these protections which makes the content easily accessible/readable, including those associated with Safari's browsing history.
Malicious apps could exploit this flaw, violate user privacy
"I've discovered a way to bypass these protections in Mojave and allow apps to look inside ~/Library/Safari," Johnson said about the flaw providing access to browsing history. The developer emphasized the method works with "hardened runtime" enabled and involves no permissions from the system or user. "In this way, a malware app could secretly violate a user's privacy by examining their web browsing history."
Fix might come soon
Johnson has shared details of the browser history bug with Apple, but as of now, it is not clear when the company might issue a fix. It could take a week or two, or maybe more. Until then, keep a tab on the apps you download on your Mac for keeping your browser history safe.
However, Mac App Store apps are safe
The issue could let apps capable of mining browsing history sneak onto your Mac, but do note that the problem could only occur in the case of non-sandboxed apps. This means as long as you are using official apps downloaded from Mac App Store, and not third parties, you're good to go. Even if there's no security risk, having sandboxed apps is always safer.
Going back to previous version isn't recommended
Also, don't try going back to macOS 10.13 High Sierra because that OS and older versions don't even have the protections that carry the flaw in questions. So, put simply, you won't be any safer there too.
