Apple is working to fix a known bug in Safari that allows websites to view a user's browsing history and Google ID.
It was reported at the weekend that researchers have found a problem with the way Apple implemented the IndexedDB API in Safari 15. The flaw would allow any website to track a browser's internet activity and potentially determine a user's identity. According to a WebKit commit on GitHub, which was discovered by MacRumors, Apple is now preparing a fix for the bug. However, the fix will not be available until Apple rolls out updates for Safari on macOS Monterey, iOS 15, and iPadOS 15. IndexedDB is a browser API, supported by the major web browsers, that provides client-side storage for data such as databases.
Safari 15 vulnerability: Next beta could contain patch
Typically, the use of a "same-origin policy" restricts which data can be retrieved from which website, ensuring that a website can only access data it has generated itself and not that of other websites. In the case of Safari 15 for macOS, iOS, and iPadOS, IndexedDB was found to violate the same-origin policy. The experts claim that every time a website interacts with its database, a new empty database with the same name is created "in all other active frames, tabs, and windows within the same browser session." iOS 15.3, iPadOS 15.3, and macOS Monterey 12.2 are currently in beta testing. The next version may include the patch.
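The same-origin rule and the behaviour the researchers describe can be expressed as a small model with a checkable invariant. This is an added illustration, not code from Apple, WebKit or the researchers; the class `SessionStore`, the function names and the `*.example` origins are constructed for the example and do not use the real IndexedDB API.

```javascript
// Toy model of one browser session holding per-origin database stores.
class SessionStore {
  constructor(origins, { leaky }) {
    this.leaky = leaky; // true = behaviour described for Safari 15
    // origin -> Map(database name -> { createdBy, records })
    this.stores = new Map(origins.map((o) => [o, new Map()]));
  }

  // A page at `origin` opens (and creates if needed) the database `name`.
  open(origin, name) {
    const own = this.stores.get(origin);
    if (!own) throw new Error(`no active frame for ${origin}`);
    if (!own.has(name)) own.set(name, { createdBy: origin, records: [] });
    if (this.leaky) {
      // Reported flaw: a new *empty* database with the same name appears
      // in every other active frame, tab and window of the session.
      for (const [other, dbs] of this.stores) {
        if (other !== origin && !dbs.has(name)) {
          dbs.set(name, { createdBy: origin, records: [] });
        }
      }
    }
    return own.get(name);
  }
}

// Same-origin invariant: every database visible to an origin was created
// by that origin. Returns the names that violate it (empty = isolated).
function foreignNames(session, origin) {
  return [...session.stores.get(origin)]
    .filter(([, db]) => db.createdBy !== origin)
    .map(([name]) => name);
}

// Constructed scenario: two unrelated sites open in the same session.
function demo(leaky) {
  const s = new SessionStore(["https://a.example", "https://b.example"], { leaky });
  s.open("https://a.example", "a-app-cache").records.push("private row");
  s.open("https://b.example", "b-settings");
  const foreign = foreignNames(s, "https://b.example");
  const leakedRows = foreign.map(
    (n) => s.stores.get("https://b.example").get(n).records.length
  );
  return { foreign, leakedRows };
}

console.log(demo(false), demo(true));
```

In the leaky case the second site sees the first site's database name but no rows, which matches the "new empty database with the same name" description: the name alone is what crosses the origin boundary.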




