Critical – Apple Safari bug leaks user information and browsing activity

Researchers from FingerprintJS discovered a flaw in Safari 15 that may be used to track users’ online activity and possibly reveal their identities.

The weakness is related to Safari 15’s implementation of the IndexedDB, a web application programming interface, according to the security research and browser fingerprinting company.

Essentially, any site has access to the names of all IndexedDB databases, which may be exploited to extract identifying information.

Databases containing the authorized Google User ID are created by websites like YouTube and Google Calendar.

When a user logs into numerous accounts, a database is established for each of them.

A malicious website might harvest your Google User ID from these databases and use it to learn more about you.

FingerprintJS examined the homepages of Alexa’s Top 1,000 most visited sites to establish the scope of the flaw.

More than 30 of these websites have indexed databases immediately on their homepage, according to the study.

Alibaba, YouTube, Bloomberg, and Instagram are among the websites that have been impacted.

This vulnerability affects all current versions of Safari for MacOS and iOS.

The vulnerability was reported to Apple in November by FingerprintJS, however it has yet to be fixed.

Click Here to learn more on cybersecurity options

Information Sourced From Myles Illidge , My Broadband

Leave a Reply

Your email address will not be published.