World News Headlines January 17, 2022 Under One Ceiling 0 New Safari bug can expose Apple users’ browser history and Google account details 0 0000 0 0 more New Safari bug can expose Apple users’ browser history and Google account details January 17, 2022 Under One Ceiling now playing Transferring money from UAE abroad: what are my cheapest options January 17, 2022 Under One Ceiling WIN With Nespresso This Mother’s Day January 17, 2022 Under One Ceiling NBA Playoffs 2022: A Casual Fan's Guide to the Postseason January 17, 2022 Under One Ceiling Best New Climbing Gear of 2022 January 17, 2022 Under One Ceiling A Local Weekend Travel Guide to Austin, Texas January 17, 2022 Under One Ceiling First Drive: 2022 Range Rover Ups the Luxury SUV Experience January 17, 2022 Under One Ceiling Most Stylish Rain Jackets, Parkas, and Trench Coats for Men January 17, 2022 Under One Ceiling EU eyes Russian oil import ban as Moscow strikes western Ukraine January 17, 2022 Under One Ceiling World-class Clark Int’l Airport opens new 110,000 square-meter passenger terminal January 17, 2022 Under One Ceiling PCG: Bodies of 5 children who drowned in Taal Lake found January 17, 2022 Under One Ceiling New Safari bug can expose Apple users’ browser history and Google account details A vulnerability in Safari can be exploited to expose your browser history — and possibly elements of your identity. Revealed in a Saturday blog post by FingerprintJS, the bug was introduced to Safari 15 via the Indexed Database API (IndexedDB), which is part of Apple’s WebKit web browser development engine. To put it simply, IndexedDB can be used to save data on your computer such as websites you’ve visited, making them load quicker when you return to them later. IndexedDB also usually follows the same-origin policy security mechanism, which doesn’t let websites freely interact with each other unless they have the same domain name (among other requirements). Think of it like being in quarantine and only being allowed to hang out with members of your household. So for example, Netflix can’t access IndexedDB’s saved data to find out you’ve been cheating on them with YouTube. SEE ALSO: How to move Safari’s search bar back to the top in iOS 15 Unfortunately, the bug revealed by FingerprintJS causes IndexedDB to violate the same-origin policy, exposing data it has collected to websites it didn’t collect it from. Even worse, some websites such as those in Google’s network use unique user-specific identifiers in the data provided to IndexedDB. This means that, if you’re logged into your Google account, the collected data can be used to precisely identify both your browsing history and details of your account. And if you’re logged into more than one account, it can figure that out too. “Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user,” wrote FingerprintJS. They also released a demonstration showing the type of information the exploit can reveal. FingerprintJS reported the bug at the end of last November, but Apple still hasn’t fixed it. Mashable has reached out to Apple for comment. All of this is concerning, but there isn’t much you can do about it right now. Browsing in Safari’s Private mode can mitigate the potential damage, since a private tab can’t tell what’s going on in any other tabs regardless of whether they’re private or public. However it still isn’t foolproof. “[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites,” wrote FingerprintJS. Mac users can avoid the vulnerability by switching from Safari to a different browser, but people on iOS or iPadOS are out of luck. While only Safari has been impacted on Mac, Apple’s requirement that all iOS and iPad web browsers use WebKit means the IndexedDB bug has impacted every browser on these systems. The best we can do is either wait for Apple to come out with a patch, switch to an Android, or just log off. Related Related posts: Save 40% on this warming crock that keeps dips and sauces hot Trump threatens to pull tax exemption for schools, colleges tags: RSS Feed World News 0000 0 0 previous Enjoy a lifetime of learning with this discounted Rosetta Stone bundle next Apple CarKey is reportedly coming to more cars soon
