New Safari Bug Lets Websites Track You In Real-Time

Apple likes to bill itself as a privacy-focused company. The company has built many privacy features into its products, but unfortunately it appears that a bug in Safari has been discovered that pretty much undos some of the privacy protections that Apple has put into place.

According to a blog post on the FingerprintJS website, a bug in WebKit’s implementation of a JavaScript API called IndexedDB will actually allow those who exploit the bug access to the user’s recent browsing history and even their identity. Basically it means that if a website wanted to track your browsing activity across different websites during your browsing session, this bug would allow them to do just that.

This issue doesn’t seem to be exclusive to Apple’s Safari but also third-party browsers on iOS. This is because one of the rules that Apple had when it came to third-party browser apps on iOS or iPadOS is that they had to be built using WebKit as well, meaning that it doesn’t matter if you use browsers like Chrome as this bug will affect you as well.

What’s interesting is that it doesn’t seem to affect older WebKit browsers like Safari 14, only Safari 15 which is found in the latest version of macOS and also iOS and iPadOS. Hopefully Apple is now aware of the bug and that they are working on a fix for it.

Tyler Lee
Categories: Apple, General
Tags: iOS, iPad, iPhone, macOS, Privacy, safari