safari: Apple working on a fix for this security bug in Safari web browser – Times of India

Apple is working on a fix for a recently-reported bug in the Safari web browser, as per a report by 9To5Mac. The bug was reported by fingerprintjs.com and allows someone to extract the browsing history of the user and even the Google IDs stored there.
The security vulnerability was found in the implementation of IndexedDB, a Javascript API used to store data. With the aid of this bug, cybercriminals can see the recently accessed URLs and even obtain the Google User ID, which exposes your personal information.
As per the report by fingerprintjs.com, IndexedDB follows the same-origin policy which restricts how documents or scripts loaded from one origin can interact with resources from other origins. “In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy. Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session.”, added the report.
“Based on a WebKit commit on GitHub, Apple engineers are already preparing a fix for the Safari bug that leaks user data.”, said the report by 9To5Mac.
Though the date the fix is arriving is not clear yet, Apple is expected to send out the cure with a new version of the Safari browser (using the latest WebKit engine) with the updated builds of iOS 15 and macOS Monterey, as per a report by MacRumors.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.