Have you ever wondered what would happen if one day, your browser records were made public?
If it is fruit, it may buy a ticket overnight to escape the earth.
Recently, there have been news reports of a serious bug in the Safari browser.
The vulnerability could reveal the user's browsing activity as well as links to some personal information in the user's Google account.
Specifically, the vulnerability was discovered in the Webkit implementation of the JavaScript API called IndexedDB in Safari.
In simple terms, IndexedDB records the information of the website when the user browses the website, such as name, user name information, etc., and then generates the corresponding database.
Because the indexed database is associated with a particular source, only the source site can access the data.
However, according to the bug announced this time, different websites can also access the IndexedDB database generated by other websites, so they can read the user's browsing history and personal information.
* Sourcenet is for example only
One might ask, will this vulnerability read the browser's cookies?
Cookies record in detail the websites visited, when they visited, and how long they stayed. If this is read, the nature of the hazard is several levels higher.
Because with cookie data, some websites will maliciously push relevant advertisements or sell information according to their preferences.
The good news is that there are no risks in this regard at this time.
Of course, for anyone, the risk of privacy leakage is ultimately unpleasant.
And safari's bug this time is not just the phone, due to Apple's common standards, it will also affect Safari 15 on all versions of iOS 15, macOS Monterey and iPadOS 15.
Apple computers are in a better position, though, and can be circumvented using browsers other than Safari.
But phones and tablets aren't so lucky...
Because Apple requires all browsers to use the WebKit website rendering engine on both iPhone and iPad, even if you switch to other third-party browsers, such as Chrome or Microsoft Edge, you may be at risk of this vulnerability.
And even browsing the web using "privacy mode" is useless.
For now, we can only wait for Apple and the WebKit development team to fix it in the next update.
But it's really too slow...
According to FingerprintJS, the agency that found the vulnerability, they reported the leak to Apple's WebKit Bug Tracker on November 28, but Apple did not respond to it.
* Image source FingerprintJS
Could it be faster!? Although there are no major impact events that have been revealed.
But Guozi is really just worried about everyone's privacy security.
Fruit has never browsed any strange web pages, absolutely not!
In fact, Safari has not had vulnerabilities more than once.
In August 2019, Google disclosed a number of Safari browser vulnerabilities to Apple, although Apple engineers said in a December article that the problem was fixed and thanked Google for its help.
But Justin Schuh, Google Chrome chrome engineering director, said: "Although Apple claims that the vulnerability has been fixed, this is not the case. Apple's privacy vulnerabilities are far more serious than the types of traces that should have been blocked.
Closer to us is the incident of the famous jailbreak team Pangu successfully escaping the web remote jailbreak through the Safari vulnerability, although this vulnerability was later fixed in iOS 15.2. But it's enough to show that Safari isn't as secure as everyone thinks.
In fact, not only Apple, but also many products have been successfully "jailbroken" because of browser vulnerabilities.
For example, 3DS starts with a browser vulnerability; PSV is a browser vulnerability; PS4 is also a browser vulnerability. And these machines should all use the same kernel, this open source kernel is Webkit.
So later PS5 cut the browser ~
Back to the main topic, although Apple vigorously promotes security and privacy protection and launches app permission tracking, there is no impermeable wall in the world, even if it is as strong as Apple, there are times when the car rolls over.
No company in the world can swear that their system is foolproof, that loopholes are always there, and that they need to be constantly improved to fix.
Not only Apple, I hope that these large companies can do an exemplary role, put user privacy in the heart, the problem will certainly be, but I hope to be able to actively solve it at the first time, and then better maintenance, self-inspection, and repair engineering.
As a user, it is more reassuring to use.