时间:2025-09-19 02:06:27 来源:网络整理编辑:焦點
A vulnerability in Safari can be exploited to expose your browser history — and possibly eleme
A vulnerability in Safari can be exploited to expose your browser history — and possibly elements of your identity.
Revealed in a Saturday blog post by FingerprintJS, the bug was introduced to Safari 15 via the Indexed Database API(IndexedDB), which is part of Apple's WebKitweb browser development engine. To put it simply, IndexedDB can be used to save data on your computer such as websites you've visited, making them load quicker when you return to them later.
IndexedDB also usually follows the same-origin policysecurity mechanism, which doesn't let websites freely interact with each other unless they have the same domain name (among other requirements). Think of it like being in quarantine and only being allowed to hang out with members of your household. So for example, Netflix can't access IndexedDB's saved data to find out you've been cheating on them with YouTube.
SEE ALSO:How to move Safari's search bar back to the top in iOS 15Unfortunately, the bug revealed by FingerprintJS causes IndexedDB to violate the same-origin policy, exposing data it has collected to websites it didn't collect it from. Even worse, some websites such as those in Google's network use unique user-specific identifiers in the data provided to IndexedDB. This means that, if you're logged into your Google account, the collected data can be used to precisely identify both your browsing history and details of your account. And if you're logged into more than one account, it can figure that out too.
iRobot Roomba Combo i3+ Self-Emptying Robot Vacuum and Mop—$329.99(List Price $599.99)
Samsung Galaxy Tab A9+ 10.9" 64GB Wi-Fi Tablet—$169.99(List Price $219.99)
Apple AirPods Pro 2nd Gen With MagSafe USB-C Charging Case—$189.99(List Price $249.00)
Eero 6 Dual-Band Mesh Wi-Fi 6 System (Router + 2 Extenders)—$149.99(List Price $199.99)
Apple Watch Series 9 (GPS, 41mm, Midnight, S/M, Sports Band)—$299.00(List Price $399.00)
"Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user," wrote FingerprintJS. They also released a demonstrationshowing the type of information the exploit can reveal.
FingerprintJS reported the bugat the end of last November, but Apple still hasn't fixed it. Mashable has reached out to Apple for comment.
All of this is concerning, but there isn't much you can do about it right now. Browsing in Safari's Private mode can mitigate the potential damage, since a private tab can't tell what's going on in any other tabs regardless of whether they're private or public. However it still isn't foolproof.
"[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites," wrote FingerprintJS.
Mac users can avoid the vulnerability by switching from Safari to a different browser, but people on iOS or iPadOS are out of luck. While only Safari has been impacted on Mac, Apple's requirement that all iOS and iPad web browsers use WebKit means the IndexedDB bug has impacted every browser on these systems. The best we can do is either wait for Apple to come out with a patch, switch to an Android, or just log off.
TopicsAppleCybersecurity
'The Flying Bum' aircraft crashes during second test flight2025-09-19 02:00
被王寶強休妻!馬蓉爆熱戀多金男驚人身價曝2025-09-19 01:52
陶紅出席精美頒獎禮 斬獲年度實力女演員2025-09-19 01:49
杜江霍思燕合體出席頭條盛典 演藝匠心鑄就品質演員2025-09-19 01:47
Researchers create temporary tattoos you can use to control your devices2025-09-19 01:32
大師駕到·麥田房產2020老客戶開新嘉年華2025-09-19 01:20
“海之聲”新年演出季 : 共同唱響時代精神 傳承創新傳統文化2025-09-19 01:09
鎮魂街精美手辦想要嗎 ?明天開售的iQOO Neo 855競速版禮盒有驚喜2025-09-19 00:54
U.S. government issues warning on McDonald's recalled wearable devices2025-09-19 00:43
大師駕到·麥田房產2020老客戶開新嘉年華2025-09-18 23:32
Dressage horse dancing to 'Smooth' by Santana wins gold for chillest horse2025-09-19 02:01
用歌聲描繪幸福 鄭爽帶父母參加2020北京台春晚2025-09-19 02:00
吳鎮宇時隔多年再次出演古裝俠客 片場大秀演技2025-09-19 01:49
無論工作或生活,田亮都在穿CARNAVAL DE VENISE!2025-09-19 01:46
Snapchat is about to explode in popularity, report says2025-09-19 00:29
陳星璿 :跌宕影視圈二十載 暢談與潘長江 、吳宇森合作緣起2025-09-19 00:22
荒木由美子出席品牌發布會 個人皮包品牌在上海高島屋獨家首發2025-09-19 00:11
比音勒芬祝楊爍生日快樂丨經曆大江大河 ,未來一起前行2025-09-19 00:08
Singapore gets world's first driverless taxis2025-09-18 23:56
抖音直播群星寵粉夜完美收官 口碑爆棚引好評2025-09-18 23:41