Safari 15 may have a serious security flaw, and there’s no patch in sight

By Scott Marlette Last updated Jan 17, 2022

Security experts have uncovered a major flaw in the latest version of Apple’s internet browser which is leaking browsing history and even some identity data saved in associated Google accounts.

According to a blog post from cybersecurity service providers FingerprintJS, the problem lies in an Apple API – IndexedDB, used to store data in Safari 15.

Safari 15 has a security measure that prevents malicious pages, opened in one tab, to read the data generated by websites opened in another tab. According to FingerprintJS, IndexedDB API in Safari 15 does not abide by this policy (called the same-origin policy), and instead – “a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session.”

No patch yet

The researchers have also explained how the flaw can be leveraged to obtain Google account data. Google’s services (for example, YouTube) generate databases containing the unique Google User ID in their names. As these IDs are used to access public information, such as a profile picture, other sites could see it, as well.

To show how a website can learn any visitor’s recent and current browsing activity, the researchers also built a demo which you can find on this link. At the moment, it detects 30 affected sites, but the list is probably a lot bigger.

Right now, there doesn’t seem to be a solution to the problem. As reported by The Verge, the problem even affects Private Browsing mode on Safari, and with Apple’s third-party browser engine ban on iOS, all other browsers are affected, as well.

The flaw has been reported to the WebKit Bug Tracker in late November last year, but Apple is yet to issue an update for the browser, and remains silent on the matter.

One option, suggested by the researchers, is to block all JavaScript by default and only allow it on trusted sites. However, this makes modern web browsing “inconvenient and is likely not a good solution for everyone,” they concluded.

You might also want to check out our list of the best firewalls right now

Via: The V e rge

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.