An unpatched security vulnerability makes Safari a dangerous web browser on Mac, iPhone, and iPad. Despite the recent bad press about AirTags that revolutionized the
 |
| Stop using Safari immediately (at least for now).- Tech Deals |
stalking industry, Apple has a good reputation compared to other giants in terms of privacy and security. Knowing this, you may be surprised to learn that Apple's own Safari web browser is currently not secure for use on corporate platforms including Mac, iOS, and iPadOS.
Due to a serious issue in Safari, some Google account information and search history may be stolen due to a bug in the IndexedDB implementation. In general, when you visit a website, that site should only have access to a database created with its own domain name. However, this bug allows websites to view other databases and scrape those databases for information such as your Google Account profile picture, personal information, or search history. Using the
FingerprintJS Safari Leaks test site you can see this in action in action. When you open it in Safari, the site immediately gets your Google User ID. If not, you can open a test website in a new tab and go back to Safari Leaks to see if your browsing history is reported almost immediately. If Safari was working correctly, this type of information would not be available to Safari Leaks because the site could only access data in the database created by the domain. However, you can use the IndexedDB JavaScript API to collect information from Alibaba, Instagram, Twitter and other websites.
FingerprintJS was the first to report a bug, but his Jan 14 blog post isn't the first time the bug has been publicly disclosed. According to FingerprintJS, the issue was posted to the WebKit Bug Tracker on November 28th, but not until Sunday January 1st. 16 Apple has started working on a fix. This means the bug hasn't been fixed in the last 7 weeks.
Apple is currently officially working on a fix for this security vulnerability, but Safari remains vulnerable until a fix is released.
What to do about this security risk Safari
If you are using a Mac, an easy workaround is to use a different browser. Chrome, Firefox, Edge, Opera - Choose. Unfortunately, the same cannot be said for those who work on iOS and iPadOS. You can find these browsers in the App Store, but they're not really the browsers your Mac uses.
Apple is Apple and does not allow developers to create full-fledged browsers for iPhone and iPad. Instead, developers can add the functionality of the browser to Safari and "sell" it as a standalone browser. Chrome on iOS looks like a mobile version of a desktop browser, but it's actually Safari with a Google skin. Sure, you can get handy features like syncing data between Chrome on Mac and iPhone, but having it on mobile is really Apple's core.
Generally not very important (though annoying). However, due to security concerns, you can't change your browser like you can on a Mac. Browsing the web on your iPhone or iPad is risky, regardless of which "browser" you're using, until Apple announces fixes for Safari on its three major platforms.