Start United States USA — IT Safari 15 bug leaks browsing activity on iPhone, iPad, and Mac devices

Safari 15 bug leaks browsing activity on iPhone, iPad, and Mac devices

204
0
TEILEN

FingerprintJS discovered a bug in Safari 15 that can leak browsing activity and unique identifiers to malicious websites you visit.
We could all do a better job of keeping our online accounts and private data secure. Unfortunately, there’s only so much that we can do when the software we use leaves us vulnerable to major threats. For example, last Friday, the fraud prevention service FingerprintJS detailed a bug in Safari 15 capable of leaking browsing activity and personal data (via 9to5Mac). This bug affects the Safari on macOS, as well as every browser on iOS and iPadOS. If you own an Apple device, you’re at risk. As FingerprintJS explains, the vulnerability is a result of Apple’s implementation of the IndexedDB API in Safari. IndexedDB stores data while you browse, and is meant to follow the same-origin policy. This policy ensures that data and documents from one website can’t be seen by another. Safari 15 violates the same-origin policy. When a website you visit on Safari interacts with a database, “a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session.

Continue reading...