Researchers have discovered a bug in Safari that allows websites to find out a visitor’s identity and track their browsing activity.
The bug can be found in the IndexedDB API and Safari version 15. Apple has continuously tried to make its native web browser as privacy focused as possible, but all of these could be undone if the bug is not fixed.
IndexedDB was found to violate policies on the iPadOS, iOS and macOS. Websites that interact with the database can find a leak to learn other sites visitors go to and in the same session. Furthermore, the database could include unique identifiers such as authentication credentials. Using a private window won’t keep the user from being identified, but having only a single browser session tends to limit the effect.
Research company FingerprintJS recommends updating Safari or the operating system as soon as a new version is available, or until Apple fixes the issue.