Apple’s Safari Found With Bug Exposing Browser History — Fix May Be Coming Soon?
By Alexa Heah, 20 Jan 2022
Last week, a blog post revealed that Apple’s Safari app contained a bug that exposed users’ personal data and browsing history details. It seems that the vulnerability has been around since late November 2021.
The bug, found by FingerprintJS, caused the Indexed Database API (IndexedDB) to make data available to websites other than the ones that had stored it.
This meant that “untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user.”
MacRumors reported that Apple has put in place a fix for the exploit, as per a WebKit commit on GitHub, though it will not be available to users until the next iOS 15, macOS Monterey, and iPadOS 15 updates.
When asked, the firm declined to give a timeline for when the updates with the patch will be released.
According to Mashable, the best thing to do in the meantime is surf websites from Safari’s Private mode, which doesn’t share information with other public or private tabs. However, it’s not a completely fail-safe option either.
“[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites,” FingerprintJS explained.
While Mac users can switch to using Google Chrome, Opera, or a different browser, it isn’t an easy fix for those on iPhones or iPads.
Apple requires all iOS and iPadOS browsers to use WebKit, so every browser on those platforms is affected by the IndexedDB vulnerability.
For now, hang tight and wait for Apple to release the fix with its upcoming updates, or be extra careful surfing the web in private mode.