iPhone Safari Bug Can Leak Your Google Account Info, Let Hackers Spy on Your Browsing History: Is There a Fix?

iPhone Safari Bug Can Leak Your Google Account Info, Let Hackers Spy on Your Browsing History: Is There a Fix?
Unfortunately, Apple has yet to address this severe iPhone Safari bug that reveals an Apple user's browser history and even leaks login information on Google accounts. LOIC VENANCE/AFP via Getty Images

A flaw discovered in iPhones and iPads can leak user data from third-party browsers. It reveals an Apple user's browser history and even leaks login information on Google accounts! Unfortunately, Apple has yet to address this severe iPhone Safari bug.

Researchers from Fingerprint JS revealed the details of this software bug discovered in Safari 15. They said exploiting its IndexedDB API can let malicious actors spy on a victim's internet activity and reveal their identity. Researchers created a demo site and video explanation on the topic, which is embedded below.

iPhone Safari Bug: Leaked Information

According to researchers, the bug violates the "same-origin" policy that prevents data scripts from one program from interacting with another. It works by reading the coded websites from a third-party browser about their web history, open tabs and windows.

As seen in the video demonstration, researchers used two websites as an example. Their simulation first recorded the YouTube entry. Next, it revealed a very specific Google ID linked to a logged-in account. Researchers pointed out that this information could be used to deanonymize a victim.

In theory, hackers can exploit this bug to grab a victim's username and profile. Then they might use the profile picture to search for other online accounts with the same face. Eventually, malicious actors might compile a rudimentary profile of the victim.

The proof-of-concept is only limited to 30 domain names, per 9to5mac. However, there is nothing stopping malicious actors from expanding it to a much larger set. This implies a severe security threat to Apply users' privacy.

Apple Devices With Safari Bug

Researchers said that any website running with IndexedDB JavaScript API is vulnerable to the Safari 15 bug. The bug is found on any iPhone running on iOS 15 and iPad running on iPadOS 15.

Researchers also revealed that using private mode in Safari 15 will not resolve the issue. The problem also persists on private tabs from browsers like Brave or Google Chrome running on iOS.

The bug was officially reported to the WebKit Bug tracker on November 28, 2021, as bug 233548.

Did Apple Fix the iPhone Safari Bug?

FingerprintJS researchers said they notified Apple about the issue last year. However, at the time of writing, the problem is yet to be resolved. Engadget said they tried to ask Apple for a comment about the issue. Unfortunately, the company did not respond.

For now, Apple users worried about the flaw are recommended to avoid using internet browsers on their iPhones and iPads. Instead, they should resort to surfing with their Mac devices. This is an extremely round-about method for a quick Google search. However, it is the only safe option available until Apple has resolved the case.

Hopefully, Apple developers might start their security update later this month. Fans are recommended to watch out for incoming iOS and iPadOS updates in the coming days.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics