As reported, this bug is a result of the implementation of IndexedDB by Apple. FingerprintJS said, “IndexedDB is a browser API for client-side storage designed to hold significant amounts of data. It’s supported in all major browsers and is very commonly used.” Generally, a website should be able to view the names of the databases of its domain but this bug is letting a website view the names of the databases for the random domains. This is certainly a security issue as the names of the databases could be used to mine information from a lookup table. This information can make your recent browsing history surface online. Even your Google account name can be revealed since Google services stores an IndexedDB instance for all your logged-in accounts. Miscreants may scoop out your Google ID with this information and use it to find out additional personal data about you. Watch the bug in action by opening safarileaks.com in the latest version of the Safari browser on your iPhone, iPad, or Mac. This website has been developed by FingerprintJS to demonstrate the bug. You will be able to see the kind of information being leaked by IndexedDB. You may be able to see your Google profile photo and the same can be looked up using the ID attached to some site’s IndexedDB caches. It was discovered and instantly reported to Apple by FingerprintJS on November 2021. But nothing was done till now. However, since the issue has been revealed to the public leading to pressure build-up the tech giant worked relentlessly to fix this bug. Apple has been able to fix the bug as of now and marked the issue resolved. However, it would not take effect immediately as updates take time to roll out. It would be a while before your device receives the update and gets fixed. However, if you use a different browser, you will get the message, “Your browser is not affected. Please open this demo in Safari 15 on macOS or any browser on iOS and iPadOS 15.” Till that time, keep your data protected by using Firebox on your Mac which is a non-WebKit browser. If you are using an iPad or iPhone disable Javascript. However, this step will make many sites break. Thus, you may allow it on the most trusted websites. Let us know in the comments section below if you are also vulnerable to this bug. Share this article with more and more people to caution them against using the Safari browser.
