Stop Using Safari Immediately (at Least for Now)
Despite some recent backlash claiming that AirTags have revolutionized the stalking industry, Apple has earned a good reputation compared to other big tech companies when it comes to privacy and security. Given that, you might be surprised to learn that Apple’s own Safari web browser is not currently safe to use on any of the company’s platforms, including Mac, iOS, and iPadOS.
A critical bug in Safari’s IndexedDB implementation could leave some of your Google account details and browsing history open to theft. Normally, when you visit a website, that site should only have access to databases created for its own domain name. This bug, however, allows websites to see other databases and scrape those databases for information such as your Google account profile picture, personal information, or browsing history.
Using the FingerprintJS Safari Leaks test site, you can see this issue in action. When you open it in Safari, the site can immediately get your Google user ID. Even if it doesn’t, you can open any of its test websites in a new tab and return to Safari Leaks to see that your browsing history is reported almost immediately. If Safari worked correctly, this type of information would not be available to Safari Leaks, as the site would only be able to access data from databases created by its own domain. Instead, it may collect information from Alibaba, Instagram, Twitter, and possibly other websites that use the IndexedDB JavaScript API.
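The scoping rule described above, as an added example that is not from the original article or from WebKit: a toy JavaScript model in which every database belongs to an origin (scheme, host and port), with a listing that filters by origin beside one that omits the filter. The class, function names, sites and database names are hypothetical and constructed for illustration.

```javascript
// Toy model of per-origin database scoping (illustration only, not browser code).
class BrowserStorageModel {
  constructor() {
    this.entries = []; // each entry: { origin, name }
  }

  // A page at pageUrl creates a database; it is recorded under that page's origin.
  open(pageUrl, name) {
    const origin = new URL(pageUrl).origin;
    const exists = this.entries.some((e) => e.origin === origin && e.name === name);
    if (!exists) this.entries.push({ origin, name });
  }

  // Intended behaviour: a page sees only databases created by its own origin.
  listScoped(pageUrl) {
    const origin = new URL(pageUrl).origin;
    return this.entries.filter((e) => e.origin === origin);
  }

  // Flawed behaviour as the article describes it: the origin filter is missing.
  listUnscoped(_pageUrl) {
    return [...this.entries];
  }
}

// Isolation check: every entry visible to the page that another origin created.
function findLeaks(listFn, pageUrl) {
  const origin = new URL(pageUrl).origin;
  return listFn(pageUrl)
    .filter((e) => e.origin !== origin)
    .map((e) => `${e.origin} ${e.name}`);
}

// Constructed sample data: hypothetical sites under the reserved .example TLD.
function demo() {
  const model = new BrowserStorageModel();
  model.open("https://mail.example/inbox", "mail-cache");
  model.open("https://shop.example/cart", "shop-session");
  model.open("https://tester.example/", "tester-own-db");
  // Same host, different scheme and port: a different origin.
  model.open("http://tester.example:8080/", "dev-db");
  const page = "https://tester.example/report";
  return {
    scoped: findLeaks((u) => model.listScoped(u), page),
    unscoped: findLeaks((u) => model.listUnscoped(u), page),
  };
}

console.log(demo());
```

The same check works as a regression test for any storage listing: it should report nothing for every page URL, including pages that share a host but differ in scheme or port.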
FingerprintJS was the first to report the bug, but its Jan. 14 blog post was not the first time the bug had been made public. According to FingerprintJS, this issue was posted to the WebKit Bug Tracker on Nov. 28 last year, but it wasn’t until Sunday, Jan. 16 that Apple began work on a patch, meaning the bug has gone unpatched for at least the past seven weeks.
Apple is now officially working on a fix for this security vulnerability, but until a fix is available, Safari remains vulnerable.
What to do about this Safari security threat
If you’re on a Mac, an easy workaround is to simply use a different browser. Chrome, Firefox, Edge, Opera – take your pick. Unfortunately, the same cannot be said for those of us who work on iOS and iPadOS. While you will find these browsers in the App Store, they are not actually the browsers you use on a Mac.
Apple, being Apple, does not allow developers to make their own full-fledged browsers for the iPhone and iPad. Instead, developers can add their browser’s features to Safari and “sell” it as a standalone browser. While Chrome on iOS may seem like a mobile version of the desktop browser, it’s actually Safari with a Google skin. Sure, you can use handy features like syncing data between Chrome on your Mac and iPhone, but what you use on mobile is actually running on Apple’s core.
This is usually not a big deal (though annoying). However, when a security issue like this one arises, you cannot simply switch browsers the way you can on a Mac. Until Apple releases a fix for Safari on its three major platforms, browsing the web on an iPhone or iPad will be risky no matter what “browser” you’re using.
[ 9to5Mac ]