New Bug in Safari 15 could Leak Personal Information: The cyber security company ‘ fingerprints ‘ has identified the new bug in the Safari browser. The company provides ‘browser fingerprint’ and online fraud detection services. According to FingerprintJS, the complexity stems from Apple’s ‘IndexedDB’; The application programming interface (API) stores data in the browser.
Explaining the whole matter, FingerprintJS said that IndexedDB should act following the ‘same-origin policy.’ Because of this policy, information about one website online cannot be collected by another website. For example, suppose a user leaves an email in one browser tab and a webpage infected with malware in another account. In that case, the malware-infected page will not steal information from the email webpage due to the ‘same-origin policy.’
But the problem is with the implementation of Apple’s IndexDB API. FingerprintJS says that the application system of IndexedDB API is violating the ‘Same-Origin Policy.’ Whenever Safari databases co-circulate information, new databases with the same name pop up in all active frames, tabs, and windows running in the same browser session. This is a security issue, but it means that information about sites will be seen by others. Technology news site Verge reported on this similar design technology.
As a result, websites will see the names of databases created on other websites, Verge technology site. Websites such as YouTube, Google Calendar, and Google Keep use the user’s Google Account, naming the new database with the user’s Google ID. Google collects open user data with the user’s ‘Google User ID.’ And because of this process, the user’s personal and vital data can be leaked from the practical weakness of IndexDB in the Safari browser.
Verge says FingerprintJS has so far been able to identify 30 popular websites that have suffered from the bug. Those sites include Instagram, Netflix, Twitter, Xbox, and Netflix. However, Verge fears that more and more websites may be victims of the bug.
There is currently no solution to this problem. Fingerprint JS also said that the ‘private mode’ of the Safari browser is also a victim of the bug. Apple has banned the use of third-party browser engines on the iOS platform, even though MacOS may have access to other browsers.
FingerprintJS reported the bug in the Safari browser in November last year. However, the browser has not received any updates yet. Verge did not immediately respond to a request for comment from Apple.
Read More: Google Pixel Fold Design Leaked
