Based on a study from FingerprintJS There is an issue in Safari’s IndexedDB Implementation in Mac and iOS that could leak certain of your personal information. Find out more details about it.
A significant Safari glitch has been found.
It could leak personal data that you have on the Google account.
Apple hasn’t yet figured out how to fix the Safari issue.
Amajor Safari vulnerability is now known to reveal browsing information and certain personal data that is stored in Google. Google account. This announcement comes just days after the news that an Mac vulnerability can permit attackers to access your personal information in the event that you do not apply the latest software update. While the fix to the security flaw was released swiftly, Apple is yet to solve the Safari security flaw. Here’s everything you should be aware of.
Based on an investigation by FingerprintJS the fingerprinting service for browsers and detection system, there’s an issue in Safari’s IndexedDB version in Mac as well as iOS.
-IndexedDB – IndexedDB is an interface for applications (API) which is built into a browser to save your information. It is based on a same-origin rule that the source states is not being observed by the Apple application to indexedDB. IndexedDB API inside Safari 15.
The policy of same-origin is a crucial security feature that limits how one source can interact with resources that originates from a different source. Simply put it blocks different websites from interfacing with one another in the absence of sharing the same domain name. If, for instance, you have your Gmail is open on one browser and a malicious website is open is opened on the second this policy will block the malicious site in accessing Gmail. This can help protect your data from potentially harmful websites. However, this rule isn’t being enforced by hackers, giving them the ability to access your information as per FingerprintJS.
The vulnerability can be easily used to expose data since every website that uses this browser is now able to access databases’ names for any domain , not only its own. Furthermore, some websites such as YouTube on Google’s network include unique user-specific identifiers to databases’ names. This means that hackers could be able to access this information and pinpoint your browsing history, as well as information about your account when signed in on your Google account with this particular browser.
The unfortunate thing is that those who use Safari to browse aren’t capable of doing anything to eliminate this issue. Users are forced to sit and wait until Apple to come up with a solution to this. The source cited says more than 30 websites are affected by this issue which includes Instagram, Netflix, Twitter, Xbox and more.