Over the years, Apple has marked privacy as a central theme for its products. Safari, Apple’s default web browser, is equipped with a variety of privacy features to prevent websites from capturing data related to user search habits and creating personas that can be used to serve ads on websites and other platforms – but not limited to – but not limited to – Google Facebook. With safari 15 which was launched ahead of MacOS 12 Monterey and iOS 15, Apple strengthens this privacy feature including intelligent tracking prevention to hide the user’s IP address and email address from the website.
However, a bug in Safari and Apple’s webkit fire places both – Apple’s reputation for privacy and user data – risky and affects some Apple devices including iPhone, iPad, and Mac.
The bug was found by fingerprintjs, a company that sells technology products such as fingerprint tools for web admin. In accordance with the web consortium throughout the world, fingerprints are techniques used by websites to identify users and read and collect their data accurately even when they turn off cookies.
Fingerprintjs recorded a bug in Safari 15 exploiting indexeddb fire to steal user data. Indexeddb API is supported by the majority of the latest web browsers and is usually used to store large amounts of data at the end of the user. Every time a user browse the website, they interact with the website database, which is not visible to other websites.
To prevent important user data from divided between devices, many web-based products follow the same origin policy (as defined by Mozilla Foundation). The policy limits the interaction between different origin components, which basically means that the website will not share with other websites whatever important data is based on user information.
Bugs help web products ignore the same origin policy, and can enable crime potentially steal data related to user identity. Along with Safari 15 in MacOS, this bug affects all web browsers on each iPhone and iPad model.