Apple device users appear to be vulnerable to a significant browser privacy flaw. According to 9to5Mac, FingerprintJS has disclosed an exploit that lets attackers obtain your recent browser history, and even some Google account info, from Safari 15 across all supported platforms as well as third-party browsers on iOS 15 and iPadOS 15. The IndexedDB framework (used to store data on many browsers) is violating the "same-origin" policy that prevents documents and scripts from one location (such as a domain or protocol) from interacting with content from another, letting appropriately coded websites deduce Google info from signed-in users as well as histories from open tabs and windows.
The flaw only compromises the names of the databases rather than the content itself. However, this would still be enough for a malicious site owner to grab your Google username, discover your profile picture and otherwise learn more about you. The history could also be used to piece together a rudimentary profile of the sites you like. Private browsing won't defeat the exploit, FingerprintJS said.
Sun, 16 Jan 2022 20:07:11 +0000