Vulnerability in Safari exposes browser history and Google usernames

Miscellaneous   /   by admin   /   January 17, 2022

click fraud protection

Apple reported the problem last year.

FingerprintJS Experts establishedthat the problem is in Safari 15 on all devices. The vulnerability also provides access to data in other browsers on iOS 15 and iPadOS 15.

Due to the use of the IndexedDB standard, the software stores data on users' devices. Normally, only the site for which it was created can access its database.

But in Safari, with each such access attempt, new empty bases are created for all windows and tabs - with the same names as the original one. As a result, third-party resources see what other pages are being visited.

In addition, YouTube, calendar and other Google services store user logins in the names of their local databases. Using them, cybercriminals can also obtain other data, such as the last name, first name, and account photo.

You can see how it works at special sitegenerated by FingerprintJS - it shows recent activity in Safari. Experts reported the problem to Apple on November 21, 2021, but the vulnerability has not yet been closed.

instagram viewer

Read also🧐

  • iPhone found a vulnerability that allows you to simulate a reboot and spy on users
  • How to Disable Colored Tab Bar Background in Safari 15 on Mac
  • How to bring Safari search bar back to the top in iOS 15
Ksenia Shestakova
Ksenia Shestakova

For 10 years in IT, I tried a lot: I worked as a system administrator and tester, I wrote in a dozen different languages programming, led the computer department of the editorial office of a printed newspaper and led news feeds high-tech portals. I can patch KDE2 for FreeBSD - and tell you in detail about all the nuances of this process. I dream about homemade R2-D2 and space flight.

Tags cloud
Rating
0
Views
0
Comments
YOU MIGHT ALSO LIKE
Instagram story viewer