Apple 'working on a fix' for bug in Safari that exposes users' internet activity and personal data

Apple says it is ‘working on a fix’ for ‘serious’ bug in Safari browser that exposes users’ internet activity and personal data to sites like Google and YouTube

  • A bug has been found in Apple’s Safari 15 that exposes users’ Internet activity and personal information to other websites
  • The flaw also allows sites to “see” which other websites iOS users visit in different tabs or windows
  • Apple engineers are preparing a solution, according to 9to5Mac, which is expected to be “released to users very soon” – but the tech giant has yet to reveal when

A bug has been discovered in Safari 15, the latest version of Apple’s default web browser, which exposes users’ Internet activity and personal information online.

Discovered by FingerprintJS, the bug allows any website that uses IndexedDB, a JavaScript application programming interface for client-side data storage, to access IndexedDB database names generated by other websites during a user’s browsing session.

The flaw also allows sites to “see” which other websites iOS users visit in different tabs or windows.

And because some websites use unique user-specific identifiers in database names, users’ information is easily accessible.

FingerprintJS points out that the list of sites includes YouTube, Google Calendar, and Google Keep.

Apple engineers are preparing a solution, according to 9to5Mac, which is expected to be “released to users very soon” – but the tech giant has yet to reveal when.

“The fact that database names leak from various sources is a clear violation of privacy,” FingerprintJS shared in a blog post.

“It lets random websites know which websites the user visits in different tabs or windows.

“This is possible because database names are usually unique and website-specific. In addition, we have found that in some cases, websites use unique user-specific identifiers in database names.

“This means that authenticated users can be uniquely and accurately identified.”
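
For site owners, how much a leaked database name gives away depends on what the site puts in it. The following is an added example, not code from FingerprintJS or Apple: it flags IndexedDB database names that appear to embed a per-user identifier. The patterns, function names and sample names are assumptions constructed for illustration.

```javascript
// Added example: audit a site's own IndexedDB database names for values
// that look user-specific. The patterns are heuristics chosen for this
// example; tune them to the identifier formats your application uses.
const IDENTIFIER_PATTERNS = [
  { kind: "uuid", re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { kind: "email", re: /[^\s@|:]+@[^\s@|:]+\.[a-z]{2,}/i },
  { kind: "long-number", re: /\d{10,}/ },   // numeric account IDs
  { kind: "hex-token", re: /[0-9a-f]{24,}/i }, // hashes, session-like tokens
];

// Return the first identifier-like pattern found in a name, if any.
function classifyName(name) {
  for (const { kind, re } of IDENTIFIER_PATTERNS) {
    if (re.test(name)) return { name, risky: true, kind };
  }
  return { name, risky: false, kind: null };
}

// Keep only the names that would identify a user if exposed.
function auditDatabaseNames(names) {
  return names.map(classifyName).filter((r) => r.risky);
}

// Browser-only helper: list the databases of the current origin and audit
// them. Returns null where indexedDB.databases() is unavailable (e.g. Node).
async function auditOwnOrigin() {
  if (typeof indexedDB === "undefined" || typeof indexedDB.databases !== "function") {
    return null;
  }
  const dbs = await indexedDB.databases();
  return auditDatabaseNames(dbs.map((d) => d.name));
}

// Constructed sample names, not taken from any real site.
const SAMPLE_NAMES = [
  "app-cache-v2",
  "offline.settings.1163522934",
  "notes:3f2b8c1e-7a4d-4e9b-9c1a-5d6e7f8091a2",
  "mail-jane.doe@example.com",
  "sess_9f86d081884c7d659a2feaa0c55ad015",
  "images",
];

for (const f of auditDatabaseNames(SAMPLE_NAMES)) {
  console.log(`${f.kind}: ${f.name}`);
}
```

Names the audit flags are candidates for renaming to a fixed, site-wide value, with the per-user data kept inside the database rather than in its name.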

FingerprintJS also checked Alexa’s most visited websites to see how many websites use IndexedDB and can be uniquely identified by the databases they interact with.

The results show that more than 30 websites interact with IndexedDB databases directly on their homepage, without any additional user interaction or authentication.

“We suspect this number is significantly higher in real-world scenarios, as websites can interact with databases on subpages, after specific user actions, or on verified parts of the page,” FingerprintJS shared.

While Apple has acknowledged the bug, there’s not much users can do to protect themselves until the tech giant rolls out a fix.

However, FingerprintJS suggests blocking all JavaScript by default and only allowing it on sites that are trusted.

Users can also switch to a different browser until Apple rolls out the fix.

“The only real protection is to update your browser or operating system as soon as Apple fixes the problem,” FingerprintJS said.