Safari 15 bug can let hackers steal browsing activity, personal data from iPhone, other devices

By Team Newsable | First Published Jan 18, 2022, 2:04 PM IST

According to a new claim, a software fault in Apple's Safari 15 browser may allow any website to track your online activities and even disclose your identity on macOS, iOS, and iPadOS 15. The vulnerability is also reported to affect private browsing mode in Safari 15. FingerprintJS, a browser fingerprinting and fraud detection service, discovered the problem, which is caused by a fault in Apple's implementation of IndexedDB, an application programming interface (API) that saves data in your browser.

In a statement, FingerprintJS said that IndexedDB is a client-side storage API for browsers that can hold large quantities of data. It is supported by all major browsers and is widely used. According to the survey, more than 30 websites interact with indexed databases immediately on their homepage, with no extra user interaction or authentication required. IndexedDB, like other current web browser technologies, adheres to the same-origin policy. The same-origin policy is a key security mechanism that limits the ability of documents or scripts loaded from one origin to interact with resources from other origins. "The IndexedDB API violates the same-origin policy in Safari 15 on macOS, as well as in all browsers on iOS and iPadOS 15," FingerprintJS warned.
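The same-origin rule described above, as an added example (not code from FingerprintJS, Apple or this article): a simplified JavaScript model in which database names are scoped by origin, with an unscoped listing for comparison and a check that flags names exposed across origins. The class, the function names and the URLs are hypothetical.

```javascript
// Added illustration: a simplified model of origin-scoped storage, not browser code.
// An origin is (scheme, host, port); URL.origin normalizes default ports.
function originOf(url) {
  const origin = new URL(url).origin;
  // Opaque origins (for example data: URLs) serialize to "null" and share no storage.
  if (origin === "null") throw new Error("opaque origin: " + url);
  return origin;
}

class DatabaseRegistry {
  constructor() {
    this.namesByOrigin = new Map(); // origin -> Set of database names
  }
  open(pageUrl, name) {
    const origin = originOf(pageUrl);
    if (!this.namesByOrigin.has(origin)) this.namesByOrigin.set(origin, new Set());
    this.namesByOrigin.get(origin).add(name);
  }
  // Correct behaviour: a page sees only names created by its own origin.
  listScoped(pageUrl) {
    return [...(this.namesByOrigin.get(originOf(pageUrl)) || [])].sort();
  }
  // Broken behaviour for comparison: names from every origin are returned.
  listUnscoped() {
    return [...this.namesByOrigin.values()].flatMap((s) => [...s]).sort();
  }
}

// Isolation check: names a listing exposes to a page that its own origin did not create.
function crossOriginLeaks(registry, pageUrl, listed) {
  const own = registry.namesByOrigin.get(originOf(pageUrl)) || new Set();
  return listed.filter((name) => !own.has(name));
}

// Constructed sample session: sites open in the same browser.
const registry = new DatabaseRegistry();
registry.open("https://mail.example.com/inbox", "mail-cache");
registry.open("https://mail.example.com:443/settings", "mail-prefs"); // same origin, default port
registry.open("https://shop.example.org/", "cart");
registry.open("http://shop.example.org/", "legacy-cart"); // other scheme, so another origin

const page = "https://shop.example.org/checkout";
console.log(registry.listScoped(page));
console.log(crossOriginLeaks(registry, page, registry.listScoped(page)));
console.log(crossOriginLeaks(registry, page, registry.listUnscoped()));
```

The check compares names only, so it would miss a leak where two origins happen to use the same database name.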

Hackers can use the weakness to learn which websites you are browsing in multiple tabs or windows. It also makes your Google User ID available to websites other than those where you have signed in with your Google account. Websites may use your Google User ID to access personal information such as your profile picture. Hackers might eventually peek at such IDs by exploiting the Safari vulnerability.

FingerprintJS detected the flaw, but there hasn't been an update to Safari yet. Users of Safari 15 in private mode can limit the amount of information exposed through the flaw because private browsing sessions on the browser are limited to a single tab. You will, however, end up revealing your data if you browse different websites in the same tab at the same time. Mac users may avoid the security flaw by using a third-party browser such as Google Chrome or Mozilla Firefox.
