Time: 2025-04-26 20:09:59 Source: compiled from the web Editor: Focus
A vulnerability in Safari can be exploited to expose your browser history — and possibly elements of your identity.
Revealed in a Saturday blog post by FingerprintJS, the bug was introduced to Safari 15 via the Indexed Database API (IndexedDB), which is part of Apple's WebKit web browser development engine. To put it simply, IndexedDB can be used to save data on your computer such as websites you've visited, making them load quicker when you return to them later.
IndexedDB also usually follows the same-origin policy security mechanism, which doesn't let websites freely interact with each other unless they have the same domain name (among other requirements). Think of it like being in quarantine and only being allowed to hang out with members of your household. So for example, Netflix can't access IndexedDB's saved data to find out you've been cheating on them with YouTube.
Unfortunately, the bug revealed by FingerprintJS causes IndexedDB to violate the same-origin policy, exposing data it has collected to websites it didn't collect it from. Even worse, some websites such as those in Google's network use unique user-specific identifiers in the data provided to IndexedDB. This means that, if you're logged into your Google account, the collected data can be used to precisely identify both your browsing history and details of your account. And if you're logged into more than one account, it can figure that out too.
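To make the same-origin scoping and its failure concrete, here is a toy in-memory model added for illustration; it is not WebKit code or FingerprintJS's demonstration. The class, function names, domains and user ID are all hypothetical, and it assumes the leaked item is the database name.

```javascript
// Added illustration: toy model of origin-scoped storage, not WebKit code.
// ToyStore, originOf and findIdentifyingNames are hypothetical names.

// An origin is scheme + host + port; URL.origin drops default ports.
function originOf(url) {
  return new URL(url).origin;
}

class ToyStore {
  constructor() {
    this.byOrigin = new Map(); // origin -> Set of database names
  }
  open(pageUrl, dbName) {
    const origin = originOf(pageUrl);
    if (!this.byOrigin.has(origin)) this.byOrigin.set(origin, new Set());
    this.byOrigin.get(origin).add(dbName);
  }
  // Expected behaviour: a page sees only names created by its own origin.
  listScoped(pageUrl) {
    return [...(this.byOrigin.get(originOf(pageUrl)) ?? [])];
  }
  // Behaviour the article describes: names from every origin are visible.
  listUnscoped(_pageUrl) {
    return [...this.byOrigin.values()].flatMap((names) => [...names]);
  }
}

// Site-side audit: flag database names that embed a per-user value,
// because the name is what is exposed when origin scoping fails.
function findIdentifyingNames(names, userIds) {
  return names.filter((n) => userIds.some((id) => n.includes(id)));
}

// Constructed sample data (example.test domains, made-up user ID).
const store = new ToyStore();
store.open("https://video.example.test/watch", "offline-cache");
store.open("https://accounts.example.test/", "prefs.user-1234567890");
store.open("https://news.example.test/", "reader");

const visitor = "https://news.example.test/article";
const scoped = store.listScoped(visitor);
const unscoped = store.listUnscoped(visitor);
const flagged = findIdentifyingNames(unscoped, ["1234567890"]);
console.log({ scoped, unscoped, flagged });
```

A site owner can run an audit like `findIdentifyingNames` over its own database names: keeping user identifiers out of names limits what is exposed if a browser's scoping fails.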
"Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user," wrote FingerprintJS. They also released a demonstration showing the type of information the exploit can reveal.
FingerprintJS reported the bug at the end of last November, but Apple still hasn't fixed it. Mashable has reached out to Apple for comment.
All of this is concerning, but there isn't much you can do about it right now. Browsing in Safari's Private mode can mitigate the potential damage, since a private tab can't tell what's going on in any other tabs regardless of whether they're private or public. However, it still isn't foolproof.
"[I]f you visit multiple different websites within the same [private] tab, all databases these websites interact with are leaked to all subsequently visited websites," wrote FingerprintJS.
Mac users can avoid the vulnerability by switching from Safari to a different browser, but people on iOS or iPadOS are out of luck. While only Safari has been impacted on Mac, Apple's requirement that all iOS and iPad web browsers use WebKit means the IndexedDB bug has impacted every browser on these systems. The best we can do is either wait for Apple to come out with a patch, switch to an Android, or just log off.