
A new Safari browser vulnerability allows Cross-Site User Tracking

A software bug has been identified in Apple Safari 15 in which the IndexedDB API can be abused by any malicious website to track a user's activity while they are online. The vulnerability, called IndexedDB Leaks, was first disclosed by FingerprintJS, which reported the bug to Apple on November 28th, 2021.

IndexedDB is a low-level JavaScript API offered by web browsers for managing a client-side NoSQL database of structured data, including files and blobs. The same-origin policy is a fundamental security mechanism that isolates resources retrieved from distinct origins, where an origin is the combination of scheme, host and port. By restricting how a script loaded from one origin can interact with resources from another origin, it contains malicious scripts and reduces the attack surface, preventing a malicious website from running arbitrary JavaScript against another site's data.

Safari browser vulnerability and the handling of the IndexedDB API

However, the way the IndexedDB API is handled in Safari 15 violates the same-origin policy. When a website interacts with a database, a new database with the same name is created in all other frames, tabs and windows within the same active browser session.

The problem is that this privacy violation in Safari lets a website learn which other websites the user has open or has visited. That includes Google services such as YouTube and Google Calendar, which create IndexedDB databases whose names contain the Google user ID, an internal identifier that maps to the user's Google Account.
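The two ideas above, the origin tuple that the same-origin policy compares and the risk of putting an account identifier into a database name, can be shown in a few lines of JavaScript. This is an added example written for this page, not code from the article, FingerprintJS or Apple. It uses only the WHATWG URL API and the standard IndexedDB API; the database names, the "session" object store and the sample user ID are constructed for illustration.

```javascript
// Added example: web origins and identifier-free IndexedDB database names.
// Runs in Node.js (URL API only) and in a browser (IndexedDB part).

// The origin is the scheme + host + port tuple that the same-origin policy
// compares. URL.origin normalises default ports away (":443" for https).
function originOf(urlString) {
  return new URL(urlString).origin;
}

// Two URLs are same-origin only when scheme, host and port all match.
// Opaque origins ("null", e.g. file: URLs) never match anything.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa !== "null" && oa === ob;
}

// Weak pattern (constructed): a database whose *name* embeds the account
// identifier. On an affected Safari 15 build the name is mirrored into other
// origins' frames, so the identifier itself becomes readable by any page.
function weakDatabaseName(userId) {
  return `session-${userId}`;
}

// Hardened pattern (constructed): one fixed, non-identifying name per
// application. The user record lives inside the database, not in its name.
function hardenedDatabaseName() {
  return "app-session";
}

// Defender-side check for a build step or code review: does a database name
// contain any value from a list of identifiers that must never leak?
function nameLeaksIdentifier(dbName, identifiers) {
  return identifiers.some((id) => id.length > 0 && dbName.includes(id));
}

// Browser usage: open the hardened database and keep the user ID as a record
// inside the "session" object store. Guarded so the module still loads under
// Node.js, where indexedDB does not exist (resolves to null there).
function openSessionDb(userId) {
  if (typeof indexedDB === "undefined") return Promise.resolve(null);
  return new Promise((resolve, reject) => {
    const req = indexedDB.open(hardenedDatabaseName(), 1);
    req.onupgradeneeded = () => {
      req.result.createObjectStore("session", { keyPath: "key" });
    };
    req.onsuccess = () => {
      const db = req.result;
      const tx = db.transaction("session", "readwrite");
      tx.objectStore("session").put({ key: "user", id: userId });
      tx.oncomplete = () => resolve(db);
      tx.onerror = () => reject(tx.error);
    };
    req.onerror = () => reject(req.error);
  });
}

// Constructed sample identifier used when the file is run directly.
const SAMPLE_USER_ID = "1234567890";
console.log(originOf("https://example.com:443/a?b=1"));          // https://example.com
console.log(sameOrigin("https://example.com/", "http://example.com/")); // false
console.log(nameLeaksIdentifier(weakDatabaseName(SAMPLE_USER_ID), [SAMPLE_USER_ID])); // true
console.log(nameLeaksIdentifier(hardenedDatabaseName(), [SAMPLE_USER_ID]));           // false
```

The point of the hardened pattern is that a browser bug which leaks database names, as this one does, then exposes nothing more than a generic application name; the identifier stays inside the store, where the same-origin policy on the data itself still applies. Keeping user, session or account values out of any client-side storage name is a cheap rule to add to code review regardless of which browser the user runs.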

To make things worse, private browsing (incognito) mode is no exception to this Safari browser vulnerability. Jake Archibald said in a tweet that this is a huge Safari browser vulnerability and that Safari users should switch to a different browser to avoid data leakage. However, that advice applies only to desktops and laptops, while iOS users are left with no choice over browsers.

John Greenwood