A bug has just slipped into IndexedDB, a JavaScript API widely used by websites, because it allows access to a certain amount of information of all kinds on the user who visits the site. But thanks to the new bug, websites are now able to know and track a person's browsing history, and even their identity, in real time.
This bug was discovered late last week and was the main subject of a blog post published by the FingerprintJS browser fingerprinting service. According to the first information we have about it, it allows, as explained above, websites using the API to have access to the entire IndexedDB database of a user, and not just the part. concerning.
A bug that affects Safari, but not only
According to initial diagnostics, this bug should only affect the most recent versions of iOS and iPadOS, as well as the Safari 15 version available on Mac. Even more problematic, the bug could even affect users browsing third-party apps likeChrome running iOS 15 or iPadOS 15.
Apple was contacted to find out if the Cupertino company had planned to correct this major security problem. If, as usual, the Apple brand has not made any communication on this subject, it is very likely that the API developers who work for Apple are already on a war footing, determined to resolve this bug asap.
As a reminder, Apple made confidentiality its main focus last year, notably with the App Transparency Act and other measures taken by the firm to reduce tracking on the internet. A bug of this magnitude affecting this part of Apple is therefore a serious setback for Apple, which must correct it as quickly as possible.
i-nfo.fr - Official iPhon.fr app
By : Keleops AG
