Users of Apple devices appear to be at risk of a serious browser security issue with the safari exploit. FingerprintJS, according to 9to5Mac, has uncovered a vulnerability that allows attackers to acquire your recent browser history. As well as certain Google account information, from Safari 15 on all supported devices, as well as third-party browsers on iOS 15 and iPadOS 15.
Safari exploit leaks private data of the users
The IndexedDB framework (which is used to store data in many browsers) is breaking the “same-origin” policy, which prevents documents and scripts from one location. Interacting with content from another, allowing properly coded websites to deduce Google information from signed-in users. It also affects the histories from open tabs and windows.
The bug only affects the names of the databases, not the actual information.
However, a hostile site owner may still use this information to steal your Google account. He can also get your profile picture, and learn more about you. The history might also be used to create a basic profile of the websites you enjoy. According to FingerprintJS, using private browsing won’t stop the attack from working.
Apple has been contacted for comment.
However, FingerprintJS stated that it first identified the problem on November 28th. Apple had yet to solve it with security upgrades that respected the same-origin requirement. Until then, the only options for Macs may be to use a third-party browser or block all JavaScript, neither of which is a viable choice.
A browser fingerprinting and fraud detection service, a problem in Safari 15 potentially leak your browsing activities. It also leaks some of the personal information associated with your Google account (via 9to5Mac). The flaw in Apple’s implementation of IndexedDB, an application programming interface (API) that saves data in your browser, is the source of the vulnerability.
