Threat Watch

Bug Within macOS Allows Malicious Apps to Steal Browsing History

An app developer recently discovered a vulnerability that gives apps containing malware the opportunity to steal browsing history from Safari. The bug is known to affect all versions of macOS Mojave. In Mojave there are specific folders that cannot be accessed by default, such as ~/Library/Safari, but a few apps have access to the contents in this folder, such as Finder for example. The developer figured out how to bypass the Mojave restrictions and gain access to ~/Library/Safari because there are no permission dialogs. The bug is believed to come from a developer API and Apple now knows about it and says they will be investigating it.

ANALYST NOTES

At this time, there is no known way to mitigate this issue, however users should be slightly relieved to know that the vulnerability is only exploitable by a malicious app running on the system and cannot be done remotely.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch
Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support