Mac

Safari 15 bug leaks your browsing history

M

Safari 15 bug leaks your browsing history Safari 15 bug leaks your browsing history

Last week, a browser fingerprinting service FingerprintJS reported a Safari 15 bug that affects data leaks in iOS 15 and macOS Monterey. This crucial issue relates to the WebKit implementation of the IndexedDB JavaScript API that is used for storing data. Simply put, any IndexedDB-based website can get access to your browsing history and track websites you visit in other windows and tabs.     

How is it possible?

Here are some technical details behind. Whenever you open a new tab and visit a site that uses a local database, a new empty database with the same name is generated in all other windows. Normally, every website has a unique database name and user-specific identifiers, and it can access only its own database entry.

The problem is that the given names are so obvious that it's very easy to identify websites that users are visiting. Also, many websites apply users' personal data to link them in a database. This way, the bug is a serious privacy violation that allows other sites to view and access websites you open during the same browsing session and even fetch the info on your Google ID and related personal data. 

Look at the FingerPrintJS live demo of the bug that can lead to de-anonymisation.

 

Which browsers are impacted?

Sadly, this issue concerns all the browsers that are based on the Apple WebKit engine: Safari 15 for macOS Monterey and Safari for iOS 15 and iPadOS 15. The vulnerability also relates to third-party browsers, including Chrome, on iOS 15 and iPadOS 15 since WebKit is required on iPhones and iPads.

It's noted that the users of the previous Safari versions can keep calm as Big Sur and iOS 14 aren't impacted. 

What to do?      

Apple is working hard to address the issue and resolve data leaks. It's reported that Apple provided fixes for macOS Monterey 12.2, iOS 15.3 RC and iPadOS 15.3 RC. The fixes were already released for developers and beta users. These updates will be available for all users soon.

Meanwhile, avoid logging into your Google account on Safari or make use of alternative browsers like Brave or Firefox.   

Referenced Mac applications

Brave Browser
FREE
rating

Browse safer without intrusive adds on internet pages.

Browser ChooserX
FREE
rating

Browser ChooserX allows you to select the browser for external links.

Firefox
FREE
rating

Quickly browse the web without slowing down your Mac.

Google Chrome
FREE
rating

Explore the web using Google's super-fast browser.

Opera
FREE
rating

Alternative Web browser with server-side compression for slow connections.

Safari
FREE
rating

Safari 5 is a web browser made by Apple for the Mac.

Author's other posts

macOS 13 Ventura: all the key features at hand
Article
macOS 13 Ventura: all the key features at hand
Meet Apple's next-generation operating system and get more out of your Mac.
Is MacBook Pro 2022 with M2 On The Way?
News
Is MacBook Pro 2022 with M2 On The Way?
We hardly know anything about a new 13-inch MacBook Pro, but recent leaks state that it's due for a release this autumn.
Top Features of macOS 13 We Expect To See At WWDC
News
Top Features of macOS 13 We Expect To See At WWDC
Possibly, Apple will introduce new macOS 13 at the Worldwide Developers Conference in June. Which features are expected?
Meet Updated Final Cut Pro 10.6.2 With New Features
News
Meet Updated Final Cut Pro 10.6.2 With New Features
New Final Cut Pro 10.6.2 provides improved Mac Studio performance as well as Duplicate Detection and Voice Isolation options.