A serious bug in the Safari browser ensures that websites can access information about the history and other user data. A bug in a database interface is responsible for the vulnerability. Numerous Apple devices are affected by the bug. The bug was from FingerprintJS discovered. For each website visited, Safari creates a database that only the website should have access to. However, a bug in WebKit means that a website can also read the names of other pages.
This allows websites to track the user and see which services have been accessed previously. Since Google appends an identification number to the database name, malicious sites can also find out the user’s Google ID and look up more details.
Bug also affects other iPad browsers
The bug affects Safari 15 on Mac devices and also the Safari versions built into iOS 15 and iPadOS 15. In addition, the bug can also be found in the iPad builds of Chrome and other browsers, since the programs depend on WebKit. Anyone using a vulnerable version of Safari can rely on this demo page display which data records can be read out. However, this is only a proof-of-concept.
Currently, only about 30 different domain names are recognized. However, it would be conceivable that malicious sites would query significantly more addresses. FingerprintJS already informed Apple about the problem on November 28, 2021. So far, however, the responsible developers have not fixed the bug. Since the error has now been published, it is conceivable that Apple will react soon and make a patch available. So far, however, the company has not officially commented on the bug.
Web Desk is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news and served by Research Snipers Staff and editors.