Time: 2024-11-22 01:02:22 Source: compiled from the web Editor: Focus
A vulnerability in Safari can be exploited to expose your browser history — and possibly elements of your identity.
Revealed in a Saturday blog post by FingerprintJS, the bug was introduced to Safari 15 via the Indexed Database API (IndexedDB), which is part of Apple's WebKit web browser development engine. To put it simply, IndexedDB can be used to save data on your computer such as websites you've visited, making them load quicker when you return to them later.
IndexedDB also usually follows the same-origin policy security mechanism, which doesn't let websites freely interact with each other unless they have the same domain name (among other requirements). Think of it like being in quarantine and only being allowed to hang out with members of your household. So for example, Netflix can't access IndexedDB's saved data to find out you've been cheating on them with YouTube.
Unfortunately, the bug revealed by FingerprintJS causes IndexedDB to violate the same-origin policy, exposing data it has collected to websites it didn't collect it from. Even worse, some websites such as those in Google's network use unique user-specific identifiers in the data provided to IndexedDB. This means that, if you're logged into your Google account, the collected data can be used to precisely identify both your browsing history and details of your account. And if you're logged into more than one account, it can figure that out too.
"Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user," wrote FingerprintJS. They also released a demonstration showing the type of information the exploit can reveal.
FingerprintJS reported the bug at the end of last November, but Apple still hasn't fixed it. Mashable has reached out to Apple for comment.
All of this is concerning, but there isn't much you can do about it right now. Browsing in Safari's Private mode can mitigate the potential damage, since a private tab can't tell what's going on in any other tabs regardless of whether they're private or public. However, it still isn't foolproof.
"[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites," wrote FingerprintJS.
Mac users can avoid the vulnerability by switching from Safari to a different browser, but people on iOS or iPadOS are out of luck. While only Safari has been impacted on Mac, Apple's requirement that all iOS and iPad web browsers use WebKit means the IndexedDB bug has impacted every browser on these systems. The best we can do is either wait for Apple to come out with a patch, switch to an Android, or just log off.
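On the site-owner side, what the bug exposes across origins is the list of IndexedDB database names, so a site can limit the identity exposure described above by keeping per-user values out of those names. The following is an added example, not code from FingerprintJS, Apple or this article, that audits the current origin's names through the standard `indexedDB.databases()` call; the patterns and sample names are constructed assumptions.

```javascript
// Added example: flag IndexedDB database names that embed per-user identifiers.
// The patterns and sample names are constructed for illustration (assumptions).
const PATTERNS = [
  ['email', /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/],
  ['uuid', /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i],
  ['long-number', /\d{10,}/],                              // account ids, timestamps
  ['long-hex', /(?<![0-9a-f])[0-9a-f]{24,}(?![0-9a-f])/i], // hashes, tokens
];

// Return the label of every pattern found in one database name.
function findIdentifiers(name) {
  return PATTERNS.filter(([, re]) => re.test(name)).map(([label]) => label);
}

// Keep only the names that carry at least one identifier-like value.
function auditDatabaseNames(names) {
  return names
    .map((name) => ({ name, reasons: findIdentifiers(name) }))
    .filter((entry) => entry.reasons.length > 0);
}

// Browser entry point: audits the databases visible to the current origin.
// Resolves to null where the API is missing (for example under Node.js).
async function auditCurrentOrigin() {
  if (typeof indexedDB === 'undefined' ||
      typeof indexedDB.databases !== 'function') {
    return null;
  }
  const dbs = await indexedDB.databases();
  return auditDatabaseNames(dbs.map((db) => String(db.name)));
}

// Constructed sample names: two static ones and three that identify a user.
const SAMPLE_NAMES = [
  'offline-cache',
  'app-settings-v2',
  'mail-store-alice@example.com',
  'sync-107584362915503948127',
  'session-3f2b8c1e-9a4d-4e7b-8c2a-5d6e7f8a9b0c',
];

for (const { name, reasons } of auditDatabaseNames(SAMPLE_NAMES)) {
  console.log(`${name}: ${reasons.join(', ')}`);
}
```

Names that are flagged are candidates for renaming to a fixed string, with the per-user value moved into a record inside the database.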