A new Safari bug can leak some of your personal data: Story in 5 points

According to a report by FingerprintJS, there is an issue with Safari’s IndexedDB implementation on Mac and iOS, which can leak some of your personal data. Read on to know more about it.

HIGHLIGHTS

  • A major Safari bug has been discovered.
  • It can leak some personal information available on your Google account.
  • Apple is yet to address the Safari bug.

A major Safari bug has been discovered that can reportedly leak browsing data and some personal information available on your Google account. This news comes just days after it was reported that a Mac vulnerability can allow attackers to gain access to your sensitive data if you don’t install the latest software update. While the fix for this security flaw was issued quickly, Apple is yet to address the Safari bug. Here’s everything you need to know about this.

— According to a report by FingerprintJS, a browser fingerprinting and fraud detection service, there is an issue with Safari’s IndexedDB implementation on Mac and iOS.

— IndexedDB is an application programming interface (API) built into the browser that lets websites store data on your device. It follows the same-origin policy, which the cited source says is being violated by Apple’s implementation of the IndexedDB API in Safari 15.

— The same-origin policy is a critical security mechanism that restricts how one origin can interact with a resource from another origin. In simpler terms, it prevents different sites from interacting with each other unless they share the domain name. For instance, if your Gmail is open in one tab and a malicious site in a second one, the policy prevents the latter from accessing your Gmail. This helps safeguard you from potentially malicious sites. However, this policy is being violated, which gives attackers a free hand to steal your data, according to FingerprintJS.

— The bug exposes data because any website opened in this browser can now read the names of databases created by any domain, not just its own. Moreover, some sites on Google’s network, such as YouTube, add unique user-specific identifiers to database names. This means an attacker can use these names to precisely identify your browsing history and details of your account when you are logged in to your Google account on this browser.

— Unfortunately, those who are using Safari for browsing won’t be able to do anything to get rid of this bug. Users will have to wait for Apple to release a fix for this. The cited source says that around 30 popular sites are affected by this bug, and these include Instagram, Netflix, Twitter, Xbox and more.
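
For site owners, the point above about user-specific identifiers in database names suggests a check on their own storage. The following JavaScript is an added example, not code from FingerprintJS or from this article; the patterns, function names and sample database names are assumptions constructed for illustration.

```javascript
// Added example: audit a site's own IndexedDB database names for values that
// would identify a user if the names became visible to other origins.
// Patterns, function names and sample names are constructed for illustration.
const IDENTIFIER_PATTERNS = [
  { kind: 'uuid', re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { kind: 'email', re: /[^\s@:|]+@[^\s@:|]+\.[a-z]{2,}/i },
  { kind: 'long-hex', re: /\b[0-9a-f]{24,}\b/i },
  { kind: 'long-number', re: /\d{10,}/ },
];

// Returns one finding per name that matches a pattern (first match wins).
function auditDatabaseNames(names) {
  const findings = [];
  for (const name of names) {
    if (typeof name !== 'string') continue; // skip entries without a name
    const hit = IDENTIFIER_PATTERNS.find(({ re }) => re.test(name));
    if (hit) findings.push({ name, kind: hit.kind, match: hit.re.exec(name)[0] });
  }
  return findings;
}

// In a browser this lists the current origin's databases via the standard
// IDBFactory.databases() call; elsewhere it returns an empty list.
async function listOwnDatabaseNames() {
  if (typeof indexedDB === 'undefined' || !indexedDB.databases) return [];
  return (await indexedDB.databases()).map((db) => db.name);
}

// Constructed sample names, not taken from any real site.
const SAMPLE_NAMES = [
  'app-cache',
  'offline-queue:user:104857600123456789',
  'prefs|3f2b8c1e-9d4a-4c6b-8e2f-1a2b3c4d5e6f',
  'drafts-alice@example.com',
  'settings-v2',
];

console.log(auditDatabaseNames(SAMPLE_NAMES));
```

Names flagged by the audit are candidates for a fixed, non-identifying database name, with the per-user key kept inside the database rather than in its name.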
