London Daily

Focus on the big picture.
Thursday, Jul 10, 2025

Apple browser bug could lead to personal data leak

Apple browser bug could lead to personal data leak

A vulnerability in the Safari 15 browser allows malicious programs to track people’s internet activity and reveal their identity
A recently disclosed Apple Safari 15 bug can be used by nefarious sites to extract people’s browsing history and obtain their Google ID to collect more personal data, a fraud detector reports.

The problem identified by FingerprintJS, a browser fingerprinting fraud detection service, resides with IndexedDB – an application programming interface, or API, used to store large amounts of data on a browser.

Normally, such data collecting interfaces operate within the ‘same-origin’ policy: they only allow websites a person interacts with to access data generated by each such website itself but not the other ones. For example, if a person opens their email account in one browser tab and another webpage in the second one, this webpage would not be able to access any email-related data.

When it comes to Safari 15, though, this is not the case. Due to Apple’s application of the IndexedDB API, each time a website interacts with the browser database, a new database of the same name is created for all other active tabs. That means that each such site can access database names for all other sites a person interacts with at the same time.

This can be particularly disturbing when a person interacts with some web pages requiring some personal data like YouTube or Google accounts. Any Google ID-linked pages create databases with a person’s unique Google User ID in their names, which are then de-facto shared with all other websites a person opens and can thus be potentially exploited by nefarious actors, including to obtain more personal data once they know the Google ID.

MacOS owners can potentially just use a browser other than Safari to get around the bug but there is little iPhone and iPad owners can do since Apple’s third-party browser engine ban on all iOS devices means all browsers are affected. Private mode on Safari 15 is affected as well.

FingerprintJS even created a special demo to show how website data, browsing history and personal data are collected by Safari in a way that reveals a person’s internet profile picture. It also said it reported the issue to the WebKit Bug Tracker on November 28, but no updates to fix the issue have been released as of yet. Apple also has not answered media requests for comment so far.
Newsletter

Related Articles

0:00
0:00
Close
Severe Heatwave Claims 2,300 Lives Across Europe
NVIDIA Achieves Historic Milestone as First Company Valued at $4 Trillion
Declining Beer Consumption Signals Cultural Shift in Germany
Linda Yaccarino Steps Down as CEO of X After Two Years
US Imposes New Tariffs on Brazilian Exports Amid Political Tensions
Azerbaijan and Armenia are on the brink of a historic peace deal.
Emails Leaked: How Passenger Luggage Became a Side Income for Airport Workers
Polish MEP: “Dear Leftists - China is laughing at you, Russia is laughing, India is laughing”
BRICS Expands Membership with Indonesia and Ten New Partner Countries
Weinstein Victim’s Lawyer Says MeToo Movement Still Strong
U.S. Enacts Sweeping Tax and Spending Legislation Amid Trade Policy Shifts
Football Mourns as Diogo Jota and Brother André Silva Laid to Rest in Portugal
Labour Expected to Withdraw Support for Special Needs Funding Model
Leaked Audio Reveals Tory Aide Defending DEI Record
Elon Musk Founds a Party Following a Poll on X: "You Wanted It – You Got It!"
London Stock Exchange Faces Historic Low in Initial Public Offerings
A new online platform has emerged in the United Kingdom, specifically targeting Muslim men seeking virgin brides
Trump Celebrates Independence Day with B-2 Flyover and Signs Controversial Legislation
Boris Johnson Urges Conservatives to Ignore Farage
SNP Ordered to Update Single-Sex Space Guidance Within Days
Starmer Set to Reject Calls for Wealth Taxes
Stolen Century-Old Rolls-Royce Recovered After Hotel Theft
Macron Presses Starmer to Recognise Palestinian State
Labour Delayed Palestine Action Ban Over Riot Concerns
Swinney’s Tax Comments ‘Offensive to Scots’, Say Tories
High Street Retailers to Enforce Bans on Serial Shoplifters
Music Banned by Henry VIII to Be Performed After 500 Years
Steve Coogan Says Working Class Is Being ‘Ethnically Cleansed’
Home Office Admits Uncertainty Over Visa Overstayer Numbers
JD Vance Questions Mandelson Over Reform Party’s Rising Popularity
Macron to Receive Windsor Carriage Ride in Royal Gesture
Labour Accused of ‘Hammering’ Scots During First Year in Power
BBC Head of Music Stood Down Amid Bob Vylan Controversy
Corbyn Eyes Hard-Left Challenge to Starmer’s Leadership
London Tube Trains Suspended After Major Fire Erupts Nearby
Richard Kemp: I Felt Safer in Israel Under Attack Than in the UK
Cyclist Says Police Cited Human Rights Act for Riding No-Handed
China’s Central Bank Consults European Peers on Low-Rate Strategies
AI Raises Alarms Over Long-Term Job Security
Saudi Arabia Maintains Ties with Iran Despite Israel Conflict
Musk Battles to Protect Tesla Amid Trump Policy Threats
Air France-KLM Acquires Majority Stake in Scandinavian Airlines
UK Educators Sound Alarm on Declining Child Literacy
Shein Fined €40 Million in France Over Misleading Discounts
Brazil’s Lula Visits Kirchner During Argentina House Arrest
Trump Scores Legislative Win as House Passes Tax Reform Bill
Keir Starmer Faces Criticism After Rocky First Year in Power
DJI Launches Heavy-Duty Coaxial Quadcopter with 80 kg Lift Capacity
U.S. Senate Approves Major Legislation Dubbed the 'Big Beautiful Bill'
Largest Healthcare Fraud Takedown in U.S. History Announced by DOJ
×