Security researchers at FingerprintJS have found an IndexedDB API vulnerability in Safari 15 for iPhone and Mac that allows websites to track users’ recent browsing history and even some information about the Google Accounts they use.
A bug in Safari’s implementation of IndexedDB on macOS and iOS allows sites to see database names for any domain, not just their own. Database names can be used to extract identifying information from a lookup table.
For example, Google services store an IndexedDB instance for each of your registered accounts with a database name that matches your Google user ID.
Using the exploit described in the FingerprintJS blog, a third party site can determine your Google User ID and then use it to obtain other personal information about you.
FingerprintJS specialists reported the bug to Apple on November 28, but the company still hasn’t fixed it.
You can buy a new MacBook, iPhone, iPad or other Apple gadget at a bargain price in the store #. Our readers get a special discount using the Digger22 promo code.
The Digger editors maintain a channel in Telegram. Subscribe!
