Apple working on a fix for Safari bug that allows access to a user’s Google ID

Safari

Following recent reports on a Safari bug that could let websites track users’ browsing histories and access Google IDs on iOS 15 and iPadOS 15, Apple is preparing a fix. However, the fix will not be available to users until Apple releases macOS Monterey, iOS 15 and iPadOS 15 updates with an updated version of Safari.

The bug was found in an API (IndexedDB) which is used and supported by major web browsers and could be used by attackers to find out many things about the user browsing. It could allow one website to track other websites the user visits in different tabs or windows.

Database names are normally specific to each website, and can sometimes contain user-specific identifiers that could reveal the identity of the user. In short, the bug allows websites to potentially gain access to a person’s Google ID.

Apple has not yet provided information about when the fix will be available to users. The Cupertino firm is currently running tests with iOS 15.3 beta and macOS Monterey 12.2 beta, so it will be interesting to see whether the fix for the Safari bug comes with the next beta updates.

Note that the vulnerability does not affect Safari 14 for macOS or any browser on iOS 14 and iPadOS 14, according to the browser fingerprinting service FingerprintJS, which has provided further information on the bug in a blog post.

Tagged:
Newsroom
About the Author

News content on AppleMagazine.com is produced by our editorial team and complements more in-depth editorials which you’ll find as part of our weekly publication. AppleMagazine.com provides a comprehensive daily reading experience, offering a wide view of the consumer technology landscape to ensure you're always in the know. Check back every weekday for more. Editorial Team | Masthead – AppleMagazine Digital Publication