Users of Apple devices have encountered a serious vulnerability in a proprietary browser. It allows attackers to access your browser history and some Google account information. The vulnerability exists in Safari 15 on all supported platforms, and even in third-party browsers running on iOS 15 and iPadOS 15, as it is related to the IndexedDB framework, which is used in many browsers to store data. It breaks the same-origin principle, which prevents documents and scripts from one location (such as a domain or protocol) from interacting with content from another. As a result, websites with the corresponding code have access to the above information.

Attackers only know the names of the records, not the values. However, this is enough to get the Google username, find the profile picture, and learn more about the user. The history can also be used to build a rudimentary profile of the sites he likes. As stated, the vulnerability cannot be hidden even in private browsing mode.

According to the source, he reported the problem to Apple on November 28, but the company has not yet fixed it with security patches.

bbabo.Net