Skip to content
Apple browser bug could leak personal data — RT World News

 | News Today

Apple browser bug could leak personal data — RT World News

| Today Headlines | Google News


Vulnerability in Safari 15 browser allows malware to track users’ internet activity and reveal their identities

A recently revealed Apple Safari 15 bug can be used by malicious sites to extract users’ browsing history and obtain their Google ID to collect more personal data, reports a fraud detector.

The problem identified by FingerprintJS, a browser fingerprint fraud detection service, lies with IndexedDB – an application programming interface, or API, used to store large amounts of data on a browser.

Normally, these data collection interfaces operate under the “same origin” policy: they allow only the websites with which a person interacts to access the data generated by each of these websites themselves, but not others. For example, if a person opens their email account in one browser tab and another web page in the second, that web page will not be able to access email data.

When it comes to Safari 15, however, that’s not the case. Due to Apple’s application of the IndexedDB API, each time a website interacts with the browser’s database, a new database of the same name is created for all other active tabs. This means that each of these sites can access the database names of all other sites that a person interacts with at the same time.


Apple browser bug could leak personal data — RT World News

 | News Today

This can be particularly disturbing when a person interacts with certain web pages that require certain personal data such as YouTube or Google accounts. All pages linked to Google ID create databases with a person’s unique Google user ID in their name, which are then de facto shared with all other websites a person opens and can therefore be potentially exploited by malicious actors, including to obtain more personal data once they know the Google ID.

MacOS owners can potentially use a browser other than Safari to work around the bug, but iPhone and iPad owners can’t do much since the banning of Apple’s third-party browser engine on all devices iOS means all browsers are affected. Private mode on Safari 15 is also affected.

FingerprintJS even created a special demo to show how website data, browsing history, and personal data are collected by Safari in a way that reveals a person’s internet profile picture. He also said he reported the issue to WebKit Bug Tracker on November 28, but no update to fix the issue has yet been released. Apple also hasn’t responded to media requests for comment so far.

You can share this story on social media:

Apple browser bug could leak personal data — RT World News

| Today Headlines Usa News
rt Gt

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.