Apple is working to fix a known bug in Safari that allows websites to view a user's browsing history and Google ID.
At the weekend reportedthat researchers have found a problem with the way Apple implemented the IndexedDB API in Safari 15. The flaw would allow any website to track a browser's internet activity and potentially determine a user's identity. According to a WebKit commit on GitHub, which was reported by MacRumors discovered , Apple is now preparing a fix for the bug. However, the fix will not be available until Apple rolls out updates for Safari on macOS Monterey, iOS 15, and iPadOS 15. IndexedDB is a browser API used by major web browsers as client-side storage for data such as databases.
Safari 15 vulnerability: Next beta could contain patch
Normally, the use of a "same-origin policy" restricts which data can be retrieved from which website and ensures that a website can only access data that it has generated itself and not that of other websites. In the case of Safari 15 for macOS, iOS and iPadOS, IndexedDB was found to violate the same-origin policy. The experts claim that every time a website interacts with its database, a new empty database with the same name is created "in all other active frames, tabs and windows within the same browser session". iOS 15.3, iPadOS 15.3 and macOS Monterey 12.2 are currently being tested in beta. The next version may already contain the patch. (Photo by Unsplash / Dennis Brendel)
