Apple reportedly fixing known Safari fingerprinting bug


San Francisco, Jan 19 (IANS): Tech giant Apple is working on a fix for a known bug in Safari that allows websites to view a user's browsing history and Google ID.

On Sunday, it was reported that the research team had found an issue with the way Apple had implemented IndexedDB API in Safari 15, reports AppleInsider.

The bug would allow any website to track a browser's internet activity, and potentially determine a user's identity.

Apple is now preparing a fix for the bug, according to a WebKit commit on GitHub, as spotted by MacRumors, the report said.

However, the fix will not be available to users until Apple rolls out updates for Safari on macOS Monterey, iOS 15 and iPadOS 15, it added.

IndexedDB is a browser API used by major web browsers as client-side storage, holding data such as databases.

Usually, the use of a "same-origin policy" will limit what data can be accessed by which website, and typically makes it so that a site can only access data that is generated, not those of other sites.

In the case of Safari 15 for macOS, iOS, and iPadOS, it was found that IndexedDB is violating the same-origin policy.

The researchers claim that whenever a website interacts with its database, a new empty database using the same name is created "in all other active frames, tabs, and windows within the same browser session."

 

  

Top Stories


Leave a Comment

Title: Apple reportedly fixing known Safari fingerprinting bug



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.