Apple Prepares Fix for Safari Bug Allowing Websites to Decipher Your Recent Browsing Activity
Over the weekend, we reported on a bug in WebKit's implementation of a JavaScript API called IndexedDB that can reveal your recent browsing history and even your identity, according to browser fingerprinting service FingerprintJS.
Apple has since prepared a fix for the bug, according to a WebKit commit on GitHub, but the fix will not be available to users until Apple releases macOS Monterey, iOS 15, and iPadOS 15 updates with an updated version of Safari. Apple declined to comment when asked to provide a timeframe for a fix being released to the public.
The bug allows any website that uses IndexedDB for client-side data storage to access the names of IndexedDB databases generated by other websites during a user's browsing session. The bug could allow one website to track other websites the user visits in different tabs or windows, as the database names are often specific to each website, and sometimes the database names contain user-specific identifiers that could reveal a user's identity.
FingerprintJS has a live demo of the bug, which affects newer versions of browsers using Apple's open source browser engine WebKit, including Safari 15 for macOS and Safari on all versions of iOS 15 and iPadOS 15. The bug also affects third-party browsers like Chrome and Edge on iOS 15 and iPadOS 15, as Apple requires all iPhone and iPad browsers to use WebKit.
The bug does not affect Safari 14 for macOS or any browser on iOS 14 and iPadOS 14, according to FingerprintJS, which has a blog post with more details.
Popular Stories
Apple today shared an ad that shows how the upgraded Center Stage front camera on the latest iPhones improves the process of taking a group selfie.
"Watch how the new front facing camera on iPhone 17 Pro takes group selfies that automatically expand and rotate as more people come into frame," says Apple. While the ad is focused on the iPhone 17 Pro and iPhone 17 Pro Max, the regular iPhone...
In the iOS 26.4 update that's coming this spring, Apple will introduce a new version of Siri that's going to overhaul how we interact with the personal assistant and what it's able to do.
The iOS 26.4 version of Siri won't work like ChatGPT or Claude, but it will rely on large language models (LLMs) and has been updated from the ground up.
Upgraded Architecture
The next-generation...
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld.
The report, citing industry sources, is available in English on Macworld.
Apple announced the iPhone 16e on Wednesday, February 19 last year, so the iPhone 17e would be unveiled exactly one year later if this rumor is accurate. It is quite uncommon for Apple to unveil...
In select U.S. states, residents can add their driver's license or state ID to the Apple Wallet app on the iPhone and Apple Watch, and then use it to display proof of identity or age at select airports and businesses, and in select apps.
The feature is currently available in 13 U.S. states and Puerto Rico, and it is expected to launch in at least seven more in the future.
To set up the...
New MacBook Pro models with the M5 Pro and M5 Max chips could arrive as soon as Monday, March 2, according to Bloomberg's Mark Gurman.
In today's "Power On" newsletter, Gurman said that the release of new MacBook Pro models is tied to the release of macOS Tahoe 26.3. The launch is said to be slated for as early as the week of March 2. He added that the M4 Pro and M4 Max models on sale today...
