Safari vulnerability may lead to the leakage of browsing history, Google account information

by admin

Engadget

According to 9to5Mac, FingerprintJS has disclosed a vulnerability on some Apple devices that could leak users’ browsing history and even Google account information. All platforms that support Safari 15 are said to be affected, as are third-party browsers on iOS 15 and iPadOS 15, because they use the same engine as Safari. The root of the problem is that Apple’s implementation violates the same-origin policy for IndexedDB, the API that many browsers use to store data on the client.

Generally speaking, most browsers create a new IndexedDB database for each website that is opened, and it can only be accessed from that website. Safari’s current behavior is different: when one website opens an IndexedDB database, Safari also creates a blank shadow copy of that database for other websites. Although the copy is empty, its name is exactly the same as that of the actual database, which makes a privacy leak possible. For example, when Disney’s website sees a Netflix IndexedDB database, it knows you’re most likely a Netflix subscriber. In addition, the database names used by websites such as Gmail also contain the user ID, which brings even greater risks.
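
The shadow-copy behavior described above can be modeled in a few lines. This is an added example, not code from FingerprintJS, Apple or the original article; the `BrowserModel` class, the `.example` origins, the database names and the user ID are all constructed for illustration, and the name audit at the end is an assumed check a site owner could run on their own database names.

```javascript
// Toy model of a browser's IndexedDB bookkeeping; all origins, database names
// and IDs below are constructed for illustration.
class BrowserModel {
  constructor(leaksNames) {
    this.leaksNames = leaksNames; // true = the behavior the article describes
    this.dbs = new Map();         // "origin|name" -> stored records
  }
  // A site opens (creating if needed) a database under its own origin.
  open(origin, name) {
    const key = `${origin}|${name}`;
    if (!this.dbs.has(key)) this.dbs.set(key, []);
    return this.dbs.get(key);
  }
  // Database names that a page running on `origin` can observe.
  visibleNames(origin) {
    const names = [];
    for (const key of this.dbs.keys()) {
      const [owner, name] = key.split("|");
      if (owner === origin || this.leaksNames) names.push(name);
    }
    return names;
  }
  // What a page on `origin` gets for `name`: real records only for the
  // owning origin, an empty shadow copy for everyone else.
  contents(origin, name) {
    return this.dbs.get(`${origin}|${name}`) ?? [];
  }
}

// Defender-side audit for site owners: flag database names that embed a
// user identifier, since the name itself is what becomes visible.
function namesEmbeddingUserId(names, userId) {
  return names.filter((n) => n.includes(String(userId)));
}

function demo(leaksNames) {
  const browser = new BrowserModel(leaksNames);
  browser.open("https://video.example", "video-cache").push("watchlist");
  browser.open("https://mail.example", "offline-mail-100200300").push("inbox");
  const seen = browser.visibleNames("https://other.example");
  return {
    seen,
    data: seen.flatMap((n) => browser.contents("https://other.example", n)),
    idLeaks: namesEmbeddingUserId(seen, 100200300),
  };
}
console.log(demo(false), demo(true));
```

With correct per-origin scoping the unrelated origin sees no names at all; with the leaky behavior it sees both names but still no stored records, which is why the database name alone carries the privacy risk.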

According to FingerprintJS, even incognito mode does not avoid this vulnerability. They said they reported the problem to Apple as early as November 28 last year, but Apple has not yet released a fix. So for the time being, Mac users who want to completely eliminate the privacy leak can only switch to a non-Safari browser, while iPhone and iPad users have no good option. (You can turn off JavaScript, but that will make it almost impossible to browse.)