Mac, history on Safari at risk from hackers

A security researcher has discovered that anyone could access your Safari web history with simple malware. Apple is working to fix

Do you have a Mac and use Safari to browse the web? Then your privacy could be at risk. An as-yet-unpatched flaw within macOS Mojave, the latest version of the operating system for iMacs and Macbooks, allows anyone who wants to (with the proper technical skills, of course) to access the history of the bitten apple browser.

Apple has admitted that it is aware of the vulnerability affecting its operating system and is working to fix it. The thing, however, might take some time: as admitted Jeff Johnson, the security researcher who discovered the bug, finding a solution is not at all simple. In the meantime, what to do to protect your privacy while browsing? Probably, the only solution is to change browser, at least until Apple releases an ad hoc update. Of course, it is not known whether other browsers also suffer from the same vulnerability, but at the moment it seems to be the only "lifeline".

Safari history at risk, what's going on?

With macOS Mojave, Apple engineers and developers have introduced a new security feature designed to protect users' data. Thanks to this new tool, not all applications installed on the PC can access folders (and their contents) on the hard drive. It is not yet known for what reason, but the Safari folder on macOS Mojave is not protected by this feature, which means that other programs installed on the computer can access the browser folder and sift through the data stored inside it. Including the file history, of course.

According to Jeff Johnson, a cybercriminal could exploit this flaw to his advantage in a very simple way. It would be enough to infect the Mac with any malware to access the Safari folder and, consequently, the web history of the PC owner. All it would take is a spam or social engineering attack to "entice" the user to install the malware and that's it: from that moment on, it could spy on your every online activity silently and without asking for any other permission or authorization.