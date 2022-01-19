A Safari browser bug is capable of exposing a user’s browsing history and sensitive Google account information to criminals. Apple’s browser has flaws in the indexed implementation on macOS and iOS systems, allowing a website to see database names for any domain, not just its own. The flaw was discovered by the FingerprintJS digital security service.

According to the website The Verge, browsers must not allow a browser tab to access other content. In this way, if the user logs in to a website and some malware is active in another tab, he will not be able to view the data because they are not connected in the same place of origin. Safari version 15 however has glitches interacting with the IndexedDB database API and is not working as it should.

Once a browser tab accesses a database, Safari creates empty data content in all other active tabs. Therefore, malicious software can view the name and private information of the account or profile accessed. FingerprintJS warns that malware can be programmed to exploit the flaw and discover more private user information through this visible data.

The content itself is not available on the Internet, but the user’s name appears directly related to the database file that was created at the time of access. In short, the information can be accessed by all sites, not just by those using the respective API. The glitch has been reproduced on sites like Instagram, Netflix, Twitter and Xbox, but it can occur with any service that uses this set of standards.

The FingerprintJS digital security service claims that there is no efficient method for the user to protect himself. The only possible course of action would be to block JavaScript completely by default, but this action can affect the functioning of legitimate websites that use the feature.

For Mac users, the best solution is to use another browser. However, on iPhone and iPad devices, this change has no effect, as there is a possibility that the flaw will appear in other browsers.

In its report, FingerprintJS said that it warned Apple about the bug on November 28, but that the company has done nothing to resolve it so far.

With information from 9to5Mac and The Verge

