iPhone and Mac users love Apple’s Safari browser because it’s quick and easy to use. However, you may want to put it on hold for a while. Several websites, including those owned by hackers, may be able to access the browsing history and personal information of Safari users because of a new security issue discovered in the browser. This means that Safari should not be used until a patch is available from Apple.
With this problem, a website that uses Safari’s IndexedDB service to store information about browsing sessions is essentially granted access to the information that other websites save through the same IndexedDB service. This is worrisome, since your data may be exploited in a variety of ways by anybody who has access to it. This data is a gold mine for social media giants like Facebook, but hackers may steal it all if they infect the site with malicious code and use it to target unsuspecting users.
During a surfing session, the data is exposed, so a website may get information from all the websites you browse in separate tabs or windows. This should not occur, because each website’s IndexedDB data during a browsing session should be unique to that website. In an ideal case, IndexedDB data should be accessible only to the website that stored it. Instead, the issue exposes the databases of all websites to the scrutiny of other websites. This is bad.
If a background tab or window continuously queries the IndexedDB API for the available databases, it is possible to discover in real time what other websites a user visits. “Alternatively, websites can cause an IndexedDB-based leak for a specific site by opening any other website in an iframe or popup window.”
IndexedDB database names on certain websites, like YouTube, include identifiers that are unique to the individual user. When a user authenticates with their Google account, YouTube generates a database with that information in the name. Information about the user from other websites, such as their profile photo, can be accessed using this Google ID and other Google APIs. Hackers might use or sell this information for criminal purposes if it reaches their hands, which is not an easy thing to achieve under the best of circumstances.
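Site developers can check their own applications for the kind of user-specific database names described above. The following is an added example, not code from the original article or from any vendor: a JavaScript audit that flags IndexedDB database names embedding per-user values. The function name, the patterns and every sample name are assumptions constructed for illustration.

```javascript
// Audit IndexedDB database names for embedded user identifiers.
// Patterns that usually indicate a per-user value rather than a fixed label.
const PATTERNS = [
  { kind: "uuid", re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { kind: "email", re: /[^\s@:|]+@[^\s@:|]+\.[a-z]{2,}/i },
  { kind: "long-number", re: /\d{12,}/ },
  { kind: "long-hex", re: /\b[0-9a-f]{24,}\b/i },
];

// Returns one finding per risky name: { name, reasons: [...] }.
// knownUserIds: identifiers of the test account used while collecting names.
function auditDatabaseNames(names, knownUserIds = []) {
  const findings = [];
  for (const name of names) {
    const reasons = [];
    const lower = name.toLowerCase();
    for (const id of knownUserIds) {
      if (id && lower.includes(String(id).toLowerCase())) reasons.push("known-user-id");
    }
    for (const { kind, re } of PATTERNS) {
      if (re.test(name)) reasons.push(kind);
    }
    if (reasons.length > 0) findings.push({ name, reasons: [...new Set(reasons)] });
  }
  return findings;
}

// Constructed sample: names an application creates after a test user signs in.
const sampleNames = [
  "app-cache",                                     // fixed label
  "offline-store:104857600123456789012",           // numeric account id
  "prefs|alice@example.test",                      // email address
  "session-3f2b8c1e-9d4a-4e7b-8a6f-0c1d2e3f4a5b",  // per-user UUID
  "media-v2",                                      // fixed label with version
];
const sampleFindings = auditDatabaseNames(sampleNames, ["104857600123456789012"]);

for (const f of sampleFindings) {
  console.log(`${f.name} -> ${f.reasons.join(", ")}`);
}
```

In a browser, the input can be the names a site's own page gets back from `indexedDB.databases()` after signing in with a test account. A flagged name is a candidate for renaming to a fixed label, with the per-user value kept inside the database rather than in its name.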
For Mac users, the problem affects Safari 15; for iPhone and iPad users, it affects all versions of Safari running on iOS 15 and iPadOS 15. Furthermore, the Chrome browser on iOS 15 and iPadOS 15 is also affected. Why? Because both Safari and Chrome on those systems employ Apple’s open source WebKit browser engine, the flaw affects them both. There is no benefit to using Private Mode or Incognito Mode.
You should use a different browser on your Mac until Apple acknowledges the problem and releases a patch. Because all browsers on iPhones and iPads utilise WebKit, which contains the problem, there isn’t much of an alternative for owners of those devices.