Users of Apple devices appear to be subject to a serious browser privacy issue. FingerprintJS, according to trustworthy sources, has uncovered an exploit that allows attackers to acquire your recent browsing history, as well as certain Google account information, from Safari 15 across all supported devices, as well as third-party browsers on iOS 15 and iPadOS 15. The IndexedDB framework (used to store data on many browsers) is infringing on the “same-origin” policy, which prohibits documents and scripts from one location (such as a domain or protocol) from interacting with content from another, allowing appropriately coded websites to deduce Google information from signed-in users as well as histories from open tabs and windows.
The issue solely jeopardizes the database names, not the content itself. This, however, would be sufficient for a malicious site owner to obtain your Google username, locate your profile picture, and learn more about you. The history might also be used to create a rudimentary profile of the sites you enjoy. According to FingerprintJS, private surfing will not disable the vulnerability.
However, FingerprintJS stated that it reported the vulnerability on November 28th and that Apple has yet to resolve it with security upgrades that honor the same-origin requirement. Until then, the only alternative for Macs may be to use a third-party browser or block all JavaScript, neither of which is always an option.
- Google Introduces AI Mode: A Game-Changer for Search - March 12, 2025
- Security Researchers Find DeepSeek Security Vulnerabilities - February 6, 2025
- Tech Giants Unite to Tackle Child Safety Online with ROOST - January 11, 2025
