Safari is facing a serious security vulnerability again. Importantly, the error also affects other browsers on the iPhone and iPad.
New, not very optimistic news has hit the network, which will certainly not please Apple hardware owners. It turns out that devices with the logo of a bitten apple are susceptible to a new, dangerous vulnerability in the Safari system browser.
The latest versions of Safari are vulnerable to an exploit that allows the attacker to gain access to the browsing history as well as selected information about the Google account that the user logged into using the Safari browser.
The above vulnerability works on all versions of Safari 15 on all compatible platforms – macOS, iOS, and iPadOS. The IndexedDB backbone, which is used to store data, violates the same-origan policy and thus does not prevent documents and scripts from interacting from one location. The vulnerability allows properly encoded websites to access information about logged-in users’ Google accounts and browsing history.
Hackers are able to easily intercept your Google account name, profile picture and gather basic account information. Browsing history can be used to prepare a user profile on the web.
Apple has yet to make an official statement on the case. The vulnerability itself was reported on November 28, 2021. Since then, Apple has not updated the security of its Safari browser.
For Mac computers, you can use a different web browser. Unfortunately, this solution will not work on iOS and iPadOS mobile devices. In these systems, every third party browser is based on Safari.