| Thread Tools |
19th January 2022, 10:01 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,802
| Apple permitted publication of Safari data for months Could not be bothered fixing the problem Fruity cargo cult Apple sat on a serious Safari bug which disclosed user data for months and still cannot be bothered fixing it. The fault found here from FingerprintJS discloses information about your recent browsing history and even some info of the logged-in Google account. Making it an ideal thing for autocratic government’s to use for snooping on dissidents and journalists who are dumb enough to use Safari to surf the web. The problem lies in Safari's super cool, advanced, and secure IndexedDB implementation on Mac and iOS. It provides a feature which means that a website can see the names of databases for any domain, not just its own. The database names can then be used to extract identifying information from a lookup table. For instance, Google services store an IndexedDB instance for each of your logged in accounts, with the name of the database corresponding to your Google User ID. Using the exploit described in the blog post, a nefarious site could scrape your Google User ID and then use that ID to find out other personal information about you, as the ID is used to make API requests to Google services. In the proof-of-concept demo, the user's profile picture is revealed. FingerprintJS says they reported the bug to Apple on 28 November but it has not yet been resolved. https://fudzilla.com/news/mobile/542...ata-for-months |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Apple’s Safari went with a Chrome idea | Stefan Mileschin | WebNews | 0 | 28th July 2021 07:03 |
Apple gives the people what they want: their old Safari tab design back | Stefan Mileschin | WebNews | 0 | 15th July 2021 11:29 |
Google will auto-delete new users' web data after 18 months | Stefan Mileschin | WebNews | 0 | 25th June 2020 07:44 |
Apple sharing fanboys' Safari data with the Chinese | Stefan Mileschin | WebNews | 0 | 15th October 2019 07:29 |
Safari in iOS sends some Safe Browsing data to Tencent | Stefan Mileschin | WebNews | 0 | 14th October 2019 05:20 |
Google faces lawsuit in the UK over Safari data collection | Stefan Mileschin | WebNews | 0 | 22nd May 2018 12:37 |
Apple’s Safari update secretly mines data to protect your privacy | Stefan Mileschin | WebNews | 0 | 27th September 2017 17:22 |
Apple will deactivate Flash by default on Safari 10 | Stefan Mileschin | WebNews | 0 | 20th June 2016 05:50 |
Apple introduces new Safari for OS X Maverick | Stefan Mileschin | WebNews | 0 | 11th June 2013 07:48 |
Google to limit data retention to 18 months | Sidney | WebNews | 1 | 12th June 2007 17:44 |
Thread Tools | |
| |