There are no permission dialogues for apps in certain folders for MacOS Mojave, which allows a malicious app to spy on browsing histories. The flaw exists in every version of the Mac s Mojave operating system, including Mojave 10.14.3 Supplemental Update recently released on Feb. 7. There is no patch/remediation available at the time of this writing, but Apple has acknowledged the vulnerability, but Johnson told Threatpost he expects it will take them some time to release an update with a fix.
Source: https://threatpost.com/apple-macos-safari-spy/141775/