There is a vulnerability in Apple’s Safari browser that is said to be leaking users’ browsing activity and even allow bad actors to learn their identities. The vulnerability affects the latest Mac OS, iOS, And iPadOS the user. This comes due to a bug that was introduced in the implementation of IndexedDB, which acts as an application programming interface (API) for storing structured data. MacOS users have an alternative solution, where they can use a third-party web browser, but iPhone And ipad Users do not have that option. The vulnerability was first hinted at in a report by 9to5Mac, which states that fraud detection firm FingerprintJS has discovered a vulnerability affecting the latest version of Safari.
Vulnerability found in IndexedDB Safari 15. It follows the same origin policy to restrict documents and scripts loaded from one origin to interact with resources from the other origin. Researchers at FingerprintJS have found that Apple’s implementation of IndexedDB violates this policy, resulting in an exploit that could be used by an attacker to gain access to users’ activity. Web browser or identity linked to their Google Account. “Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs and windows within the same browser session,” the researchers were quoted as saying. .
This vulnerability allows hackers to know which websites they are visiting in different tabs or windows. It also exposes them Google ID to websites, even if the user has not logged in using their Google Account.
Researchers at FingerprintJS have also released a proof-of-concept to demonstrate the vulnerability, which users can use on their Mac, iPhone or iPad computers. It currently locates Alibaba, instagram, Twitter, And xbox To explain how the database can be leaked from one website to another.
For macOS users, this vulnerability can be avoided if they switch to a third-party browser such as Google Chrome or Mozilla Firefox, but this option is not available for iPad and iPhone users. This is mainly because Apple does not allow iOS devices to use third-party browser engines. Apple has yet to comment on the issue.
read all breaking news, today’s fresh news And coronavirus news Here.
,