Are you using Safari on your iPad, iPhone, or Mac?
Then you have probably heard of the new bug that can steal your data while your browser is inactive.
In today's article, we will talk about this strange new bug, look at its origins, and discuss how you can stay safe against it.
So, put on your learning caps and join us on this brand new journey.
Let us begin…
Safari has a new bug!!!
The Safari browser by Apple has a vulnerability that can leak users' browsing activity.
It could even allow bad actors to learn their identities. The vulnerability affects macOS, iOS, and iPadOS, and it is caused by a bug in the IndexedDB implementation. IndexedDB is an application programming interface (API) for storing structured data. macOS users can switch to a third-party browser.
iPhone and iPad users do not have this option. This vulnerability was first mentioned in a 9to5Mac report.
The fraud detection firm FingerprintJS found the vulnerability, which affects the latest Safari version.
The vulnerability is in the IndexedDB implementation in Safari 15. IndexedDB adheres to the same-origin policy, which is intended to prevent documents and scripts loaded from one source from interacting with resources from other sources.
FingerprintJS researchers discovered that Apple's implementation of IndexedDB violates this policy.
Attackers can use this loophole to learn about user activity and identities.
According to the researchers, "Every time a website interacts with a database, a new (empty) database with the same name is created within all other active frames and tabs in the same browser session."
This vulnerability lets hackers see the websites that a user is visiting in different tabs and windows.
It also exposes the user's Google ID to websites even though the user has not yet logged in with their Google account.
FingerprintJS researchers also released a proof of concept to show the vulnerability. Users can use it on their Macs, iPhones, and iPads. It detects Instagram and Twitter. This allows users to see how the database could be accessed from any website.
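The behaviour in the researchers' quote above can be pictured with a small model. This is an added example, not FingerprintJS's proof of concept and not Safari code: it calls no browser API, and the class, origins and database name are constructed for illustration.

```javascript
// Toy model (constructed for illustration) of per-origin IndexedDB name scoping.
// Origins and the database name below are made up.
class BrowserSession {
  constructor({ leaky }) {
    this.leaky = leaky;      // true = behaviour described in the quote
    this.stores = new Map(); // origin -> Map(dbName -> records[])
  }
  // An active frame or tab for `origin` gets its own, initially empty, store.
  openFrame(origin) {
    if (!this.stores.has(origin)) this.stores.set(origin, new Map());
  }
  // A site in `origin` writes a record into one of its own databases.
  put(origin, dbName, record) {
    this.openFrame(origin);
    const own = this.stores.get(origin);
    if (!own.has(dbName)) own.set(dbName, []);
    own.get(dbName).push(record);
    if (this.leaky) {
      // Bug: an empty database with the same name appears in every other
      // active frame or tab of the session.
      for (const [other, dbs] of this.stores) {
        if (other !== origin && !dbs.has(dbName)) dbs.set(dbName, []);
      }
    }
  }
  // What a script running in `origin` can observe: names and record counts.
  visibleTo(origin) {
    const dbs = this.stores.get(origin) ?? new Map();
    return [...dbs].map(([name, recs]) => ({ name, records: recs.length }));
  }
}

function demo(leaky) {
  const s = new BrowserSession({ leaky });
  s.openFrame("https://mail.example");      // tab 1 (hypothetical site)
  s.openFrame("https://untrusted.example"); // tab 2 (hypothetical site)
  s.put("https://mail.example", "inbox-cache-user-12345", { subject: "hi" });
  return s.visibleTo("https://untrusted.example");
}

// Isolated: the second tab sees nothing. Leaky: it sees the name, zero records.
console.log("isolated:", demo(false));
console.log("leaky:   ", demo(true));
```

In this model the duplicate database is empty, so what crosses the origin boundary is the database name; a name that embeds an account identifier is what identifies the user.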
A detailed take on the bug
This is a scary report for anyone who uses the Safari browser on an Apple iPhone.
This dangerous bug could allow hackers to access your Google account data and browsing history.
This iPhone Safari bug was discovered in the Apple Safari web browser. It affects all web browsers on iOS (iPhone and iPad) and Safari 15 for Mac, PC, and laptops.
Martin Bajanik reported the problem. He confirmed that the problem stemmed from a Safari feature that allows users to store both browsing data and other account information in one location.
This functionality was created to make it easier for users to access their data. It may have backfired.
The problem was caused by the IndexedDB feature, which is a new feature in the Apple Safari web browser. It is a low-level API that follows the same-origin rule.
The same-origin security policy prevents scripts or documents from one source from interacting with scripts or documents from another source.
IndexedDB appears to be breaking the same-origin policy by creating duplicates of data on every website that interacts with it. This could impact your iPhone's Safari browsing experience.
Imagine this. You are using the Safari browser on your iPhone, iPad, Mac, or PC. One tab has your email account open. In the next tab, you open a suspicious website that might attempt to access your data.
Under normal circumstances this would not be a problem, as your data is kept separate and the website can only access the information that you have shared.
This report shows that the website could potentially access all of your emails without you having to do anything. That's scary!
This problem is made worse by the fact that malicious websites can access your Google information.
They can gain access to multiple accounts such as YouTube, Google services, and more, even though you haven't opened these websites. This bug can cause your Apple iPhone Safari browsing experience to stutter.
You can't do much except stop using the Safari browser right now. You can also close the Safari browser on your computer and only visit trusted websites.
According to FingerprintJS, Apple engineers are already working out the solution.
The website posted an update saying, "Apple engineers started working on the bug as of Sunday. They have merged potential fixes and marked our report as solved."
However, the bug persists for end-users until these updates are released.
For the moment, until Apple fixes the problem, you can protect yourself by only visiting trusted websites in the Safari browser on your iPhone or on any other device that supports it.