The bug was introduced in the implementation of IndexedDB, which works as an application programming interface (API) to store structured data. The personal information available on your Google account isn’t safe as this Mac vulnerability can allow hackers to get access to your data. So, to fix the flaw, install the latest software update that is issued quickly by Apple.
Safari 15 Bug Lets Attackers Spy Your Personal Data
MacOS users can use a third-party web browser, but iPhone and iPad users can’t. The Safari bug was first reported by 9to5Mac; it says the fraud detection firm FingerprintJS has discovered the bug that impacts the Safari browser. The vulnerability in IndexedDB is found in Safari 15. Researchers from FingerprintJS found that Apple’s implementation of IndexedDB violated the policy, and it results in a loophole that can exploit by the attacker to get access to users browsing activity or the details with Google account. “Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session.” This Safari bug allows the hackers to know which websites you are visiting in different tabs or windows. The hackers also get Google IDs, even if the user has not logged in with their Gmail. This bug can easily expose the user’s data as any website on Safari is now accessible to the names of databases for any domain. Moreover, in the database names, few of the sites like YouTube on Google’s network add unique user-specific identifiers. The attackers can use this data and can easily identify your browsing history and details of your Google account. Around 30 popular websites have been affected, including Instagram, Netflix, Twitter, Xbox, and more.
