Rixstep

A ~/Library/Safari Security Hole?

Can you get in?


VAXHOLM (Rixstep) — Jeff Johnson reports that there's a security hole in Apple's protection of ~/Library/Safari. Many may not have realised there was anything unusual about the folder before now.

It may have been more widely known that Apple tried to limit access to ~/Library, but only by setting a bit that keeps their 'Finder technology' from finding it.

At first glance, this 'protection' of ~/Library/Safari seems related to a 'reluctance' on the part of Apple's 'shell' to cooperate. For now, the only part involved seems to be Apple's Finder.

There don't seem to be any extraneous permission bits, flags, or ACEs on the directory.

And things work well from the command line as always.
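The distinction the article draws is worth checking rather than assuming: a folder Finder refuses to show may still be wide open at the filesystem layer, and a folder with no unusual mode bits, BSD flags or ACL entries is restricted by nothing but Finder's behaviour. The following shell script is an added example, not code from the Rixstep article; the function names are my own. It reports the POSIX mode and owner of a directory (portable), and on macOS also the BSD file flags (via `ls -O`, where `hidden` is only a Finder hint) and any ACL entries (via `ls -e`).

```shell
#!/bin/sh
# Added example (not from the Rixstep article): report what actually governs
# access to a directory at the filesystem layer, so a Finder-only restriction
# can be told apart from a real one. Function names are my own choice.
# Mode/owner reporting is portable; the BSD-flag and ACL checks assume macOS.

# Ten-character POSIX mode string, e.g. drwx------, with any '+', '@' or '.'
# suffix (ACL, xattr or SELinux markers) stripped off.
dir_mode() {
    ls -ld "$1" | awk '{print substr($1, 1, 10)}'
}

# Returns 0 (true) if the mode grants any r/w/x to group or other,
# i.e. the directory is not restricted to its owner by permissions alone.
mode_open_to_others() {
    case "$(printf '%s' "$1" | cut -c5-10)" in
        *[rwx]*) return 0 ;;
        *)       return 1 ;;
    esac
}

audit_dir() {
    dir="$1"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    mode=$(dir_mode "$dir")
    echo "mode:  $mode  ($(ls -ld "$dir" | awk '{print $3 ":" $4}'))"
    if mode_open_to_others "$mode"; then
        echo "       group/other have access; permissions alone do not restrict it"
    else
        echo "       owner-only by permissions"
    fi

    if [ "$(uname -s)" = "Darwin" ]; then
        # BSD file flags. 'hidden' only tells Finder not to show the entry;
        # it is not an access control.
        echo "flags: $(ls -ldO "$dir" | awk '{print $5}')"
        # ACL entries, if any; ls -l also marks an ACL with a '+' after the mode.
        acl=$(ls -lde "$dir" | sed -n '2,$p')
        echo "acl:   ${acl:-none}"
    fi
}

# Usage: sh audit_dir.sh ~/Library/Safari
if [ $# -gt 0 ]; then
    audit_dir "$1"
fi
```

Run it against ~/Library/Safari and compare with any other folder under ~/Library: if the mode, flags and ACL output are the same, whatever difference you see in Finder is not being enforced by the filesystem.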



The idea with limited access to ~/Library/Safari seems to be an attempt to protect sensitive files from dodgy software that may want to 'phone home' with salacious details. The idea with hiding things in ~/Library in the first place seems to be that Apple can't yet find a better place for their own storage needs.

Perhaps they should stick to /System and stop renting real estate from their users?

See Also
Lapcat: Spying on Safari in Mojave
TMO: macOS Flaw Exposes Safari Browsing History


All Content and Software Copyright © Rixstep. All Rights Reserved.
