Apple’s Safari Browser Is Putting User Privacy At Risk

Apple's Safari browser is putting user privacy and data in serious jeopardy because of a new implementation.

By Joseph Farago | Published

This article is more than 2 years old


The latest version of Apple’s Safari browser, Safari 15, contains a bug jeopardizing users’ private information. This malfunction can expose browser history and personal identifiers in your Google account. Apple’s decision to use a new programming interface called IndexedDB is the likely source for these info leaks.

Apple needs IndexedDB to store data while you’re using its Safari browser. The problem with this new implementation is that it breaches the same-origin policy, which protects personal information when multiple tabs are open. If you have your bank account available on one tab and access another tab for coat shopping, your passwords and info can be breached through the latter.

Apple isn’t the only tech company that uses IndexedDB. Many major brands use IndexedDB, and it’s supported in almost every browser. It’s known as a low-level API (application programming interface), used extensively by developers for its flexibility.

FingerprintJS, a fraud detection service, tested Safari’s data breach with its own demo. The demo takes Apple’s IndexedDB to simulate a leak through multiple open sites. It shows how hackers can infiltrate your open websites and access personal information from your Google User ID. FingerprintJS found 30 popular websites affected by the Safari bug, including Instagram, Twitter, and Xbox.

Incognito options won’t circumvent Safari’s bug problem. According to FingerprintJS, the Private Browsing mode doesn’t stop personal info access through open websites. The best thing to do is try another browser in the meantime while Apple works to remove the bug.

Though it doesn’t eliminate the possibility of a leak, the Private Browsing function in Safari may mitigate the problem. Apple’s Safari browser only lets you surf with one tab when you browse privately, lessening the chance of data accessibility. But, if you leave the first tab to check out other websites, the database containing your private info from the initial page is leaked to every following site.

This type of privacy breach occurs when new databases are created. When you browse, a database stores information from one site and holds that data exclusively. The Safari bug opens a new database containing the data from one specific site, suddenly accessible to all tabs and frames on the browser. Passwords and identification are then free to retrieve through unprotected web pages, violating the same-origin policy.

Apple is dealing with another bug occurring in its messaging app. In the newest software, iOS 15, iMessage users reported read receipts staying on even when the function is disabled. There isn’t a straightforward way to eliminate the problem, but temporarily restarting the iPhone may help. For the most part, Apple users are patiently waiting for the company to combat Safari’s pesky bug.

For Apple’s Safari browser, there’s one thing users can do to stop a data breach. Blocking JavaScript, or enabling it only on trusted sites, may be the best way to ensure your data is safe. This may feel antiquated and inefficient for modern times, but accepting the setbacks of disabling JavaScript can help contain private data. Apple continues to find a solution for this issue, stating that Safari users should update their browsers once the bug is gone.