Safari: Apple will fix the bug that leaks your history

A few days ago, we reported that a bug in Safari on iPhone, iPad and Mac allowed you to recover your browsing history, as well as your Google ID. It will soon be ancient history.

Safari: Apple will fix the bug that leaks your history

Soon a fix for annoying Safari bug

Indeed, Apple is preparing a patch to correct this bug, as can be seen at the level of a commit on the GitHub of WebKit, namely the rendering engine of the browser. The patch seems technically ready, but it is not yet available. Indeed, we have to wait for Apple to offer a new update to iOS 15 because Safari is not an application that can be updated via the App Store. And unfortunately, there is no announced date regarding the availability of the patch. As for macOS, Apple could simply offer an update to Safari, without the need to update macOS Monterey.

Remember in passing that the bug was reported for the first timeā€¦ in November. Apple is only correcting it now because it’s been talked about in the media. This is not the first time such a scenario has occurred.

With the bug, any site using IndexedDB can know the names of other IndexedDB databases that have been generated by other sites on Safari. This is a way to know the recent browsing history of the user. Sites should normally only have access to their own database. The problem actually goes further since some databases have specific identifiers and not randomly generated identifiers. This is particularly the case of Google, which chooses the unique identifier of each user as a name. This identifier can be used to have information about the identity of the user.

The safarileaks.com site offers a demonstration of the bug with Safari and shows you the last sites visited.

Leave a Comment