This bug on Apple Safari can expose your browsing history and personal information

According to a new report, a software bug in Apple browser Safari 15 may allow any website to track your internet activity and even reveal your identity via macOS.

According to a new report, a software bug in Apple browser Safari 15 may allow any website to track your internet activity and even reveal your identity via macOS, iOS, and iPadOS 15. Your Google User ID could also be exposed to other websites due to the bug.

In this case, the vulnerability is also suspected to affect private mode viewing in the Safari 15 browser. FingerprintJS discovered the bug, a browser fingerprinting and fraud detection service, caused by an issue with Apple’s implementation of IndexedDB, an application programming interface (API) that stores data on your browser.

“IndexedDB is a browser API for client-side storage designed to hold significant amounts of data. It’s supported in all major browsers and is very commonly used,” FingerprintJS said in a statement.

According to the report, more than 30 websites interact with indexed databases directly on their homepage, with no additional user interaction or authentication required. The same-origin policy is a fundamental security mechanism that limits the ability of documents or scripts loaded from one origin to interact with resources from other sources.

For example, if you open your email account in one tab and then visit a malicious website in another, the same-origin policy prevents the malicious website from infecting your email.

“In Safari 15 on macOS, and all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy,” FingerprintJS said.

When a website interacts with a database, it creates a new (empty) database with the same name in all other active frames, tabs, and windows within the same browser session. Unless you switch to a different profile, such as in Chrome, or open a private window, windows and tabs usually share the same session.

This means that other websites can see the names of databases created on other sites containing information specific to your identity. FingerprintJS reported the leak, but there hasn’t been an update to Safari yet.

Source: IANS

For more such content, visit: https://bit.ly/2XkTP0P

--

--

--

India's Largest Tech Community | 4.2 Million+ Developers | Guinness World Record Winner | Limca Book of Records

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

More Hardware, More Problems

CafeSwap: Smart Contract Audit

Shocking Information Regarding WLAN Uncovered

Flash Stock Firmware on Samsung GALAXY J1 SM-J100G

Flash Stock Rom on Samsung Galaxy

HOW GOVERNMENT AGENCIES HAVE FALLEN BEHIND PRIVATE COMPANIES IN FRAUD PREVENTION

5 THINGS TO WATCH OUT — WHEN BUYING A DOMAIN

{UPDATE} Color by Music Hack Free Resources Generator

Hack The Box (Jerry)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
TechGig

TechGig

India's Largest Tech Community | 4.2 Million+ Developers | Guinness World Record Winner | Limca Book of Records

More from Medium

Low Code / No Code With Apple Shortcuts an Expert Take

Be friend with your Terminal

How To Choose Your VPN To Boost Protection Against Cyberattacks — Just Gilbey IT Solutions Ltd

Have them all with Zsh & ZI