The flaw is discovered by application developer Jeff Johnson on February 8th, the vulnerability is unpatched at the time of writing and impacts all version of macOS Mojave, including macOS Mojave 10.14.3 Supplemental update released on February 7.
Johnson says that by default, Mojave provides access to this folder only for a few selected system apps, such as Finder.
However, Johnson discovered a way to bypass these restrictions in Mojave, to access ~/Library/Safari without needing any permission from the user or the system, and read users’ web browsing history.
“My bypass works with the ‘hardened runtime’ enabled,” Johnson said in a blog post published last week.
“There are no permission dialogs, It Just Works.™ In this way, a malware app could secretly violate a user’s privacy by examining their web browsing history.”
Johnson said he reported the issue to Apple’s security team, who has formally acknowledged his report. It would not get a patch until at least the next official release of Mojave.
Johnson has decided not to release technical details until the flaw is resolved. He also clarified that the privacy protection bypass he discovered has nothing at all to do with Safari extensions, as the issue impacts restricted folders and so could potentially impact all restricted folders on the macOS system, including ~/Library/Safari.
We will update this article as soon as we hear more from the researcher.