CATEGORIES
home News

Heads-Up Apple Users, Safari And iOS Are Leaking Your Browsing Activity Right Now

by Jeff ButtsTuesday, January 18, 2022, 04:31 PM EDT
Woman browsing web on MacBook

If you’re a Safari user, either on desktop or iOS, it may be time to change browsers, at least temporarily. More flaws have been uncovered in Safari’s tracking prevention system. In this case, a bug within Safari 15 means that any website is able to track all of your internet activity and even reveal your identity.

At a fundamental security level, web browser technologies follow the "same-origin policy," which puts restrictions on how documents or scripts from one web page can interact with resources from others. For example, a web page from HotHardware.com should not be able to access sensitive resources from YouTube.com, or vice versa for that matter.

Woman working at MacBook

Unfortunately, for Apple device users, Safari has a checkered past when it comes to properly following security fundamentals. The bug at work, called an IndexedDB leak, breaks that security restriction. Whenever a website interacts with a database, like when you log into a site, the browser creates a new, empty database with the same name in all other active frames, tabs, and windows within that browser session. This shouldn’t happen, but the bug allows the data to leak across. The demo video below shows how this happens.

This means that websites have access to details about the other pages you’re visiting that they shouldn’t have. For example, when you log into YouTube, your authenticated Google user ID is exposed to other sites. Malicious websites could not only learn your identity, but even link together multiple separate accounts you might have.

The researchers who discovered this bug have identified more than 30 different websites using IndexedDB. They reported the bug to Apple on November 28, 2021. Apple engineers reported working on the bug as of January 16, 2022, and have marked the issue as resolved. Since the new version of Safari with this fix is as of yet unreleased, the bug persists in the wild.

Until Apple releases the fix, you should probably change browsers ASAP. This apparently won’t help on iOS or iPadOS, though, since all browsers use the affected WebKit engine. However, blocking all Javascript by default, and only enabling it on trusted sites, could help protect you until the fix is delivered.

Tags:  Apple, Safari, security, WebKit, (NASDAQ:AAPL), web-browser
JB

Jeff Butts

Jeff Butts was a nerd long before they got their revenge. He’s been voiding warranties since the early 1980s, when he took apart his uncle’s 286 to try coaxing a bit more power out of the Hercules graphics controller. Either by luck or skill (or both), nobody ever knows he’s voided their warranty because Jeff knows and lives by the most important rule: don’t get caught. These days, when Jeff’s not voiding warranties, he’s writing about voiding warranties.

Opinions and content posted by HotHardware contributors are their own.
TOP STORIES
Which New GPU Is For You?
More Results
KEEP INFORMED

Stay updated with the latest news and updates. Subscribe to our newsletter!

Subscribe Now
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2025 Hot Hardware Inc, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment