Apple’s Safari 15 browser has been found to have a vulnerability that could let any website track your internet activity and even reveal your identity, according to a new report. The flaw affects Safari 15 on macOS and all browsers on iOS and iPadOS 15. Researchers at FingerprintJS, a browser fingerprinting and fraud detection service, revealed that the bug stems from Apple’s implementation of IndexedDB.
IndexedDB is a browser application programming interface (API) designed to hold significant amounts of data. It is supported in all major browsers, including Chrome, and is very commonly used. However, the researchers at FingerprintJS said that Apple’s implementation of IndexedDB enables an attacker to gain access to your browsing activity or the identity attached to your Google account.
According to the researchers, private mode in Safari 15 is also suspected to be affected by the vulnerability. The vulnerability enables hackers to learn what websites you are visiting in different tabs or windows.
It also exposes your Google User ID to websites other than those where you have logged in with your Google account. FingerprintJS claims that the number of websites that can interact and gain access to users’ browsing activity and personal data can be significant. The report said that more than 30 websites interact with indexed databases directly on their homepage, without any additional user interaction or the need to authenticate.
“We suspect this number to be significantly higher in real-world scenarios as websites can interact with databases on subpages, after specific user actions, or on authenticated parts of the page,” said the FingerprintJS team.
The researchers have also published a proof-of-concept to demonstrate the flaw.
“Unfortunately, there isn’t much Safari, iPadOS and iOS users can do to protect themselves without taking drastic measures. One option may be to block all JavaScript by default and only allow it on sites that are trusted. This makes modern web browsing inconvenient and is likely not a good solution for everyone. Another alternative for Safari users on Macs is to temporarily switch to a different browser. Unfortunately, on iOS and iPadOS this is not an option as all browsers are affected,” the researchers added.