Anyone with an Apple iPhone, iPad or Mac is susceptible to hackers today thanks to a new vulnerability within Safari.
Every Apple device today contains a significant privacy problem within the Safari Internet browser. Security specialist FingerprintJS discovered a vulnerability in late November 2021 that allows hackers to access browser history and Google account information. Apple was given a deadline to fix the problem, but they failed to do so. As a result, the vulnerability is now being made public.
Any Safari browser (version 15 or older) is vulnerable, as are all third-party Internet browsers within iOS 15 and iPadOS 15. The flaw is in the IndexedDB framework that stores data for quite a few Internet browsers. IndexedDB violates the “same-origin” rule that prevents documents and scripts from one location (a domain or protocol) from interacting with content from another. This allows properly encrypted websites to deduce Google information from logged-in users as well as the history of open tabs and windows.
The vulnerability allows rogue hackers to extract data such as your Google username, profile picture and other background information. This can be used to create a profile of you for personal phishing campaigns, for example.
The only way around the problem is to disable JavaScript on your Mac, iPhone or iPad or to use a different Internet browser on your Mac. Apple has not commented on the problem for now so it is consequently unclear when a security update will be rolled out to mitigate the issue.