Bug in Safari leaks user identity and browsing data

Published

Researchers have discovered a bug in Safari that allows websites to find out a visitor’s identity and track their browsing activity.

Safari

The bug can be found in the IndexedDB API and Safari version 15. Apple has continuously tried to make its native web browser as privacy focused as possible, but all of these could be undone if the bug is not fixed.

IndexedDB was found to violate policies on the iPadOS, iOS and macOS. Websites that interact with the database can find a leak to learn other sites visitors go to and in the same session. Furthermore, the database could include unique identifiers such as authentication credentials. Using a private window won’t keep the user from being identified, but having only a single browser session tends to limit the effect.

Research company FingerprintJS recommends updating Safari or the operating system as soon as a new version is available, or until Apple fixes the issue.

Photo of author

Samantha Wiley

Samantha is a senior news editor at iLounge. She has been covering the technology industry for over five years, writing about Apple, Google, and other major companies. Samantha has also worked as a reporter and editor for several other publications.