The engineers Apple I’m hard at work for fix the bug which created a serious security flaw in Safari. In fact, earlier this week we learned that it was theoretically possible to access the browser history and even Google User IDs.
Apple is working on the Safari bug
Earlier this week FingerprintJS reported a serious problem on Safari 15, the new version of the Apple browser. A bug that allows malicious sites to consult our history and even extract personal information. But Apple is working on the problem.
According to what emerges on GitHub, an online platform for developers, Apple engineers are already organizing a fix for the problem. The work is about the code di WebKit, the browser engine on which Apple bases Safari. Which is an open-source product, so even the updates for private browser bugs like that of the Apple become public and published on GitHub.
It seems that the problem behind the security flaw is the implementation of IndexedDB, a API Javascript which stores data and information on the browser. Malicious sites set up by hackers could use this exploit to view URL (the addresses) you have visited previously. But yours too Google User ID, which allows you to access private information about your account.
Apple hasn’t given any indication on how it will fix the problem, nor when a fix will be available to users. However, since the changes are directly on the WebKit engine it appears that an update of iOS 15 and macOS Monterey is required to solve the problem. IOS 15.3 and macOS Monterey are currently in beta, so the update may come with the next release.
Note that the bug is not on Safari 14, the version of the browser on iOS 14. The situation is still evolving, we will keep you updated.
Leave a Reply
View Comments