1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Apple patches Safari bug that leaked user data

    From TechnologyDaily@1337:1/100 to All on Fri Jan 21 13:15:04 2022
    Apple patches Safari bug that leaked user data

    Date:
    Fri, 21 Jan 2022 12:55:00 +0000

    Description:
    iOS 15.3 and macOS 12.2 Release Candidate versions shipped to developers and beta users

    FULL STORY ======================================================================

    Apple has pushed iOS 15.3 RC and macOS Monterey 12.2 RC to developers and
    beta users as part of a plan to fix a Safari flaw that leaked browsing
    history and some Google data.

    This follows recent news that cybersecurity researchers from FingerprintJS
    had found a problem in an Apple API - IndexedDB, used to store data in the browser .

    Safari 15 has a security measure that prevents malicious pages, opened in
    one tab, to read the data generated by websites opened in another tab. The researchers found that the API doesnt follow this policy, and instead creates a new database with the same name in all other active frames, tabs, and windows, within the same browser session. No wider release just yet

    Describing the potential ways to leverage the flaw, researchers explained
    that a malicious page opened in one tab, could obtain data generated by the page in another. Furthermore, the flaw can be leveraged to obtain Google account data.

    Googles services (for example, YouTube) generate databases containing the unique Google User ID in their names. As these IDs are used to access public information, such as a profile picture, other sites could see it, as well.

    FingerprintJS has even created a dedicated website to demonstrate the bug in the wild. Now, as reported by 9to5Mac, testing for the flaw on devices
    updated to iOS 15.3 RC and macOS 12.2 RC has shown that the website no longer sees any data, and shows a user not being logged into their Google account.

    The researchers claimed that the flaw affected all iOS 15 and macOS Monterey versions, until this newest one. iOS 14, however, was not affected, nor were those still using Safari 14 on older versions of the Mac.

    Apple is yet to set an official release date for these new versions of the operating system, but given that the Release Candidate version has already been shipped, its safe to assume that it wont take too long. You might also want to check out our list of the best firewalls right now

    Via: 9to5Mac



    ======================================================================
    Link to news story: https://www.techradar.com/news/apple-patches-safari-bug-that-leaked-user-data/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)