A security bug in Apple’s Safari browser is said to reveal information about users’ browsing history, including details of logged in Google accounts. Security firm FingerprintJS has published a report which states that a bug in iOS 15 version of Safari “lets any website track your internet activity and even reveal your identity.”
As per the blog post shared by the security firm, the bug is found in an Application Programming Interface (API) used by Safari called the IndexedDB. The bug allows any website that uses IndexedDB API to access the databases generated by other websites during a browsing session. This means that the bug allows one website to track other websites the user visits and access the user’s personal information. This, in turn, can be used by hackers to exploit a user’s identity.
“A tab or window that runs in the background and continually queries the IndexedDB API for available databases can learn what other websites a user visits in real-time. Alternatively, websites can open any website in an iframe or popup window in order to trigger an IndexedDB-based leak for that specific site,” the blog post said.
As per FingerprintJS, even the private browsing mode does not protect against the bug. It noted that no user action is needed for a website to access IndexedDB database names generated by other websites.
The bug, reportedly, affects new versions of Safari using Apple’s open source browser engine WebKit. It impacts Safari for Mac, Safari versions on iOS 15 and iPadOS 15, and even third party browsers like Chrome.
FingerprintJS says in the blog post that the bug was reported to Apple on November 28, 2021. However, the issue is yet to be resolved.
FacebookTwitterLinkedin
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
