AdGuard for Safari Logging Vulnerability on macOS
Vulnerability
A privacy vulnerability exists in the AdGuard plugin for Safari on macOS in versions prior to 1.11.22. The plugin logged each URL accessed by Safari to the general macOS logs, where any unsandboxed process could read them. This logging behavior has been disabled in version 1.11.22.
Impact
The vulnerability could lead to unintended exposure of a user's browsing history, as the logged URLs could be accessed by unsandboxed processes on the system.
Reproduction
The vulnerability can be reproduced by installing a version of the AdGuard plugin for Safari prior to 1.11.22 on macOS. Once the plugin is active, it logs each URL accessed in Safari to the general macOS logs. These logs can be read by any unsandboxed process, exposing the user's browsing history.
Remediation
Users can update to AdGuard for Safari version 1.11.22 or later, available through the App Store.
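To confirm after updating that URLs no longer reach the system log, a text export from macOS `log show` can be audited per process. The script below is an added example, not AdGuard's code: the column layout, the process names and the sample lines are constructed assumptions, and it reports hostnames only so the audit output does not itself copy full URLs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed column layout of `log show` text output: timestamp,
# thread, type, activity, pid, ttl, then "process: message".
LINE_RE = re.compile(
    r"^\S+ \S+\s+0x[0-9a-f]+\s+\w+\s+0x[0-9a-f]+\s+\d+\s+\d+\s+"
    r"(?P<proc>[^:]+): (?P<msg>.*)$"
)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample; process names and URLs are placeholders.
SAMPLE_LOG = """\
Timestamp                       Thread     Type        Activity             PID    TTL
2024-01-01 09:00:01.000001+0000 0x1a01     Default     0x0                  501    0    ExampleBlockerExt: checking https://example.com/account/settings?tab=billing
2024-01-01 09:00:02.000002+0000 0x1a01     Default     0x0                  501    0    ExampleBlockerExt: checking https://example.org/search?q=private+query
2024-01-01 09:00:03.000003+0000 0x2b02     Info        0x0                  777    0    ExampleSyncAgent: sync finished in 120 ms
2024-01-01 09:00:04.000004+0000 0x1a01     Default     0x0                  501    0    ExampleBlockerExt: rules loaded: 42
"""


def audit_url_leaks(log_text):
    """Return {process: {"lines": n, "url_lines": n, "hosts": set}}."""
    stats = defaultdict(lambda: {"lines": 0, "url_lines": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or continuation line
        entry = stats[m.group("proc").strip()]
        entry["lines"] += 1
        urls = URL_RE.findall(m.group("msg"))
        if urls:
            entry["url_lines"] += 1
            # Keep hostnames only; never store the full URL.
            entry["hosts"].update(urlsplit(u).hostname or "" for u in urls)
    return dict(stats)


def leaking_processes(log_text, min_ratio=0.5):
    """Processes whose share of URL-bearing lines is at least min_ratio."""
    return sorted(
        proc for proc, s in audit_url_leaks(log_text).items()
        if s["url_lines"] and s["url_lines"] / s["lines"] >= min_ratio
    )


if __name__ == "__main__":
    print(leaking_processes(SAMPLE_LOG))
```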
