Trending

Stories

Apple Safari 15 Bug Can Leak Your Browsing Activity, Personal Data

Must Read

According to a new report, a software bug in Apple browser Safari 15 may let any website track your internet activity and even reveal your identity via macOS, iOS, and iPadOS 15. The bug could also expose your Google User ID to other websites.

In this case, private mode viewing in Safari 15 browser is also suspected to be affected by the vulnerability.

Also Read

FingerprintJS, a browser fingerprinting and fraud detection service, found that the bug stems from an issue with Apple’s implementation of IndexedDB, an application programming interface (API) that stores data on your browser.

“IndexedDB is a browser API for client-side storage designed to hold significant amounts of data. It’s supported in all major browsers and is very commonly used,” FingerprintJS said in a statement.

The report said that more than 30 websites interact with indexed databases directly on their homepage, without any additional user interaction or the need to authenticate.

“We suspect this number to be significantly higher in real-world scenarios as websites can interact with databases on subpages, after specific user actions, or on authenticated parts of the page,” said the FingerprintJS team.

Like most modern web browser technologies, IndexedDB follows the same-origin policy.

The same-origin policy is a fundamental security mechanism that restricts how documents or scripts loaded from one origin can interact with resources from other origins.

For example, if you open your email account in one tab and then open a malicious webpage in another, the same-origin policy prevents the malicious page from infecting your email.

“In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy,” FingerprintJS said.

Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session.

Windows and tabs usually share the same session unless you switch to a different profile, in Chrome for example, or open a private window.

This means other websites can see the name of other databases created on other sites, which could contain details specific to your identity.

FingerprintJS reported the leak but there hasn’t been an update to Safari yet.

“The fact that database names leak across different origins is an obvious privacy violation. It lets arbitrary websites learn what websites the user visits in different tabs or windows,” they said.

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.

Latest

Stories

- Advertisement -
- Advertisement -

Latest

Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Related

- Advertisement -
- Advertisement -
Xiaomi 13 Ultra Global Launch: Offers, Price, Specs Meta Unveils Quest 3 VR Headset, Reduces Price for Quest 2 Foxconn to Manufacture iPhones in Karnataka, India: Creating 50,000 Jobs Amazon Echo Pop: Stylish Semi-Sphere Smart Speaker in India Redmi Display A27: Affordable 27 Inches Monitor with 100Hz Refresh Apple Music Classical App Now Available on Android WhatsApp’s Companion Mode: Same Account, Multiple Devices Nvidia & MediaTek Collaborate on Connected Car Tech Sony Unveils Project Q: A Next-Gen Handheld Game Console Snapchat Hits 200M+ Users in India, Introduces AI Chatbot
Xiaomi 13 Ultra Global Launch: Offers, Price, Specs Meta Unveils Quest 3 VR Headset, Reduces Price for Quest 2 Foxconn to Manufacture iPhones in Karnataka, India: Creating 50,000 Jobs Amazon Echo Pop: Stylish Semi-Sphere Smart Speaker in India Redmi Display A27: Affordable 27 Inches Monitor with 100Hz Refresh Apple Music Classical App Now Available on Android WhatsApp’s Companion Mode: Same Account, Multiple Devices Nvidia & MediaTek Collaborate on Connected Car Tech