Apple’s Safari web browser is leaking your browsing data, including the websites you’ve visited and the search terms you’ve used. This information can be easily accessed by anyone with access to your computer, and it’s not clear how Apple is protecting it. Safari is one of the most popular web browsers on the market, and its widespread use makes it a prime target for hackers. The fact that Apple has failed to address this security flaw is alarming, and it’s likely that other browsers will soon follow suit. If you’re concerned about privacy issues related to your online activity, we recommend using a different browser. There are plenty of options available on the market, and we’ll be sure to keep you updated as new ones emerge. ..
The bug is in Safari’s IndexedDB implementation on all three of Apple’s operating systems. Apparently, a website can see the names of databases for any domain. Typically, a website should only see the names of databases of its own domain, so this is definitely a security issue. The names of the databases can be used to extract information from a lookup table.
With this information, your recent browsing history could surface. Additionally, because Google services store an IndexedDB instance for each of your logged-in accounts, your account name could also be revealed.
As far as what someone could do with this information, they could scrape your Google ID and then use that to find out other personal information about you.
If you want to see the bug in action, you can visit safarileaks.com in the Safari browser on Mac, iPad, or iPhone. If you try from a different browser on Mac, you’ll see a message stating that “Your browser is not affected. Please open this demo in Safari 15 on macOS or any browser on iOS and iPadOS 15.” If you’re on iPad or iPhone, it’ll work either way.
FingerprintJS first reported the bug to Apple on November 28, 2021, but the issue has yet to be resolved. Hopefully, the pressure of the problem being public will push Apple to get a fix out.
