General

Jan 18, 2022

Safari leaks your browser history

A bug in WebKit, the underlying technology behind Apple's browser Safari, leaks information about browser history and Google Account information when logged into Google services.

The holes hit Safari 15 and therefore macOS, as well as iOS and iPadOS

It is FingerprintJS that has revealed the hole that is considered rough. The security experts contacted Apple about the problem on November 28, but have not heard back from the company.

The problem briefly explained, is that IndexedDB used in Safari incorrectly shares database information with web pages that have nothing to do with the other domain. In this way, the website can retrieve information from the database.

You can check with your own browser and Google ID that the error works.

This is how it works:

Google did not make the same mistake
Your Googe ID, which is a unique number, can also be retrieved and then hackers can also link this ID with other websites the surfer visits - in this way, hackers can create an image of a possible victim.

FingerprintJS has tested with 30 large websites and found that the technique works, but the number is probably much higher as it will probably be able to be used on almost all websites that use the IndexedDB JavaScript API.

The correct way to do this, and as Chrome already does, is that the website can only see databases created by the same domain as its own, as 9to5Mac points out.

iOS 15-hole leaked private Apple ID data to third-party apps

Category: Apple|Jan 21, 2022 | Author: Admin

Had to crisis-postpone new 5G standard in the US to avoid plane chaos

Category: IT|Jan 20, 2022 | Author: Admin

No one found out that the iPhone 13 is missing this until now

Category: Apple|Jan 19, 2022 | Author: Admin

Safari leaks your browser history

Category: General|Jan 18, 2022 | Author: Admin

Chromium Trouble - Can't change default search engine anymore

Category: Google|Jan 17, 2022 | Author: Admin

Here, developers are allowed by Apple to offer alternative payment methods

Category: Apple|Jan 16, 2022 | Author: Admin

Microsoft refuses to correct the error - took matters into its own hands

Category: Microsoft|Jan 15, 2022 | Author: Admin

Now Meta gets the authorities on its neck, again

Category: General|Jan 14, 2022 | Author: Admin

Has invested heavily in podcasts - now Spotify is closing down the studio

Category: General|Jan 13, 2022 | Author: Admin

Claims HomePod mini is on its way to Norway

Category: General|Jan 12, 2022 | Author: Admin

Linux gets the function everyone wants

Category: IT|Jan 11, 2022 | Author: Admin

Flasher RTX 3080 Ti with 3090 BIOS for extra efficient Ethereum mining

Category: General|Jan 10, 2022 | Author: Admin

Dice continues to destroy for himself: removed favorite from Battlefield 2042

Category: General|Jan 9, 2022 | Author: Admin

NBN Co applies fix to get hundreds of Sky Muster satellite services back online

Category: IT|Jan 8, 2022 | Author: Admin

You can trick Windows 11's new media player

Category: Microsoft|Jan 7, 2022 | Author: Admin

News Targeted

News Targeted

General

Safari leaks your browser history

The holes hit Safari 15 and therefore macOS, as well as iOS and iPadOS

It is FingerprintJS that has revealed the hole that is considered rough. The security experts contacted Apple about the problem on November 28, but have not heard back from the company.

The problem briefly explained, is that IndexedDB used in Safari incorrectly shares database information with web pages that have nothing to do with the other domain. In this way, the website can retrieve information from the database.

You can check with your own browser and Google ID that the error works.

This is how it works:

Google did not make the same mistake
Your Googe ID, which is a unique number, can also be retrieved and then hackers can also link this ID with other websites the surfer visits - in this way, hackers can create an image of a possible victim.

FingerprintJS has tested with 30 large websites and found that the technique works, but the number is probably much higher as it will probably be able to be used on almost all websites that use the IndexedDB JavaScript API.

The correct way to do this, and as Chrome already does, is that the website can only see databases created by the same domain as its own, as 9to5Mac points out.

iOS 15-hole leaked private Apple ID data to third-party apps

Had to crisis-postpone new 5G standard in the US to avoid plane chaos

No one found out that the iPhone 13 is missing this until now

Safari leaks your browser history

Chromium Trouble - Can't change default search engine anymore

Here, developers are allowed by Apple to offer alternative payment methods

Microsoft refuses to correct the error - took matters into its own hands

Now Meta gets the authorities on its neck, again

Has invested heavily in podcasts - now Spotify is closing down the studio

Claims HomePod mini is on its way to Norway

Linux gets the function everyone wants

Flasher RTX 3080 Ti with 3090 BIOS for extra efficient Ethereum mining

Dice continues to destroy for himself: removed favorite from Battlefield 2042

NBN Co applies fix to get hundreds of Sky Muster satellite services back online

You can trick Windows 11's new media player

News Targeted

News Targeted

General

Safari leaks your browser history

The holes hit Safari 15 and therefore macOS, as well as iOS and iPadOS

It is FingerprintJS that has revealed the hole that is considered rough. The security experts contacted Apple about the problem on November 28, but have not heard back from the company.

The problem briefly explained, is that IndexedDB used in Safari incorrectly shares database information with web pages that have nothing to do with the other domain. In this way, the website can retrieve information from the database.

You can check with your own browser and Google ID that the error works.

This is how it works:

Google did not make the same mistakeYour Googe ID, which is a unique number, can also be retrieved and then hackers can also link this ID with other websites the surfer visits - in this way, hackers can create an image of a possible victim.

FingerprintJS has tested with 30 large websites and found that the technique works, but the number is probably much higher as it will probably be able to be used on almost all websites that use the IndexedDB JavaScript API.

The correct way to do this, and as Chrome already does, is that the website can only see databases created by the same domain as its own, as 9to5Mac points out.

iOS 15-hole leaked private Apple ID data to third-party apps

Had to crisis-postpone new 5G standard in the US to avoid plane chaos

No one found out that the iPhone 13 is missing this until now

Safari leaks your browser history

Chromium Trouble - Can't change default search engine anymore

Here, developers are allowed by Apple to offer alternative payment methods

Microsoft refuses to correct the error - took matters into its own hands

Now Meta gets the authorities on its neck, again

Has invested heavily in podcasts - now Spotify is closing down the studio

Claims HomePod mini is on its way to Norway

Linux gets the function everyone wants

Flasher RTX 3080 Ti with 3090 BIOS for extra efficient Ethereum mining

Dice continues to destroy for himself: removed favorite from Battlefield 2042

NBN Co applies fix to get hundreds of Sky Muster satellite services back online

You can trick Windows 11's new media player

Google did not make the same mistake
Your Googe ID, which is a unique number, can also be retrieved and then hackers can also link this ID with other websites the surfer visits - in this way, hackers can create an image of a possible victim.