Apple fixing known Safari fingerprinting bug that allows

Apple is working on a fix for a known bug in Safari that allows websites to view a user’s browsing history and Google ID.

On Sunday, it was reported that researchers had found an issue with the way Apple had implemented the IndexedDB API in Safari 15. The bug would allow any website to track a browser’s internet activity, and potentially determine a user’s identity.

IndexedDB is a browser API that major web browsers provide for client-side storage, holding data such as databases. Usually, a “same-origin policy” limits which data each website can access, so that a site can typically access only the data it generated, not that of other sites.

In the case of Safari 15 for macOS, iOS, and iPadOS, it was found that IndexedDB is violating the same-origin policy. The researchers claim that whenever a website interacts with its database, a new empty database using the same name is created “in all other active frames, tabs, and windows within the same browser session.”
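The following is an added model of the behaviour described above, not Safari's code and not the researchers' code: it simulates origin-scoped database storage with and without the reported duplication, and checks the same-origin invariant. All class, function, origin and database names are assumptions constructed for illustration.

```javascript
// Added model, not Safari's implementation. Every name here is hypothetical.
class BrowserSession {
  constructor({ leaky }) {
    this.leaky = leaky;       // true models the behaviour reported for Safari 15
    this.frames = [];         // active frames, tabs and windows
    this.stores = new Map();  // origin -> Map(dbName -> { records })
    this.opened = new Map();  // origin -> Set of names that origin opened itself
  }
  openFrame(origin) {
    const frame = { origin };
    this.frames.push(frame);
    if (!this.stores.has(origin)) this.stores.set(origin, new Map());
    if (!this.opened.has(origin)) this.opened.set(origin, new Set());
    return frame;
  }
  openDatabase(frame, name) {
    const own = this.stores.get(frame.origin);
    if (!own.has(name)) own.set(name, { records: [] });
    this.opened.get(frame.origin).add(name);
    if (this.leaky) {
      // Bug model: an empty database with the same name appears in every other active frame.
      for (const other of this.frames) {
        if (other.origin === frame.origin) continue;
        const store = this.stores.get(other.origin);
        if (!store.has(name)) store.set(name, { records: [] });
      }
    }
    return own.get(name);
  }
  visibleNames(frame) {
    return [...this.stores.get(frame.origin).keys()].sort();
  }
}

// Same-origin invariant: an origin sees only database names it created itself.
function auditIsolation(session) {
  const violations = [];
  for (const [origin, store] of session.stores)
    for (const name of store.keys())
      if (!session.opened.get(origin).has(name)) violations.push({ origin, name });
  return violations;
}

function runScenario(leaky) {
  const s = new BrowserSession({ leaky });
  const mail = s.openFrame("https://mail.example"); // constructed origins
  const news = s.openFrame("https://news.example");
  s.openDatabase(mail, "mail-cache-user123").records.push("private"); // constructed name
  s.openDatabase(news, "articles");
  return { visibleToNews: s.visibleNames(news), violations: auditIsolation(s) };
}
```

In the leaky run the duplicated databases are empty, so the contents stay private; what crosses the origin boundary is the database name, which is why names that embed a user identifier matter.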

Protecting Yourself

Due to the way the problem manifests, there’s little that Safari users can do about the issue. It is possible to block JavaScript by default and enable it only on trusted sites, though this may harm the browsing experience.

Another alternative is to use a different browser as a temporary measure.

Ultimately, the researchers admit, “the only real protection is to update your browser or OS once the issue is resolved by Apple.”
