Despite the recent unfavorable publicity about AirTags revolutionizing the stalking industry, Apple has a strong reputation when it comes to privacy and security when compared to other big digital companies.
Knowing this, it may come as a surprise that Apple’s own web browser, Safari, is currently unsafe to use on any of the company’s platforms, including Mac, iOS, and iPadOS.
Through an IndexedDB implementation bug, a severe Safari bug can expose some of your Google Account data and browser history to theft. When you visit a website, you should be able to access only the databases created by that website’s domain name.
This bug, on the other hand, allows websites to see other databases and scrape them for information like your Google Account avatar, personal information, or browsing history.
Even if it can’t, you may access any of the company’s test websites in a new tab and then return to Safari Leaks to see your browsing history reported almost instantly.
Safari Leaks would not be able to obtain this type of information if Safari were functioning properly, as the site would only be able to access data from databases generated by its domain.
The bug was first reported by FingerprintJS on January 14, however it wasn’t the first time it was made public.
According to FingerprintJS, this defect was reported to the WebKit Bug Tracker on November 28 of last year, but Apple didn’t start working on a fix until Sunday, January 16, meaning the bug has been unfixed for at least seven weeks.
Apple is now working on a patch for this security weakness, however Safari remains vulnerable until the patch is available.
What to do about this security threat
If you’re on a Mac, a simple remedy is to use another browser. Choose from Chrome, Firefox, Edge, or Opera. Unfortunately, the same cannot be said for iOS and iPadOS users. While these browsers are available on the App Store, they are not the same as those available on Mac.
Apple, being Apple, does not permit developers to create their own full-fledged iPhone and iPad browsers. Developers, on the other hand, get to add their browser’s functionality to Safari and “sell” it as a separate browser.
While Chrome on iOS may appear to be a mobile version of the desktop browser, it is actually Safari with a Google veneer on top. Sure, you can utilize features like data sync between Chrome on your Mac and iPhone, but the one you use on mobile is essentially Apple’s core.
Normally, this isn’t a big deal (although it is annoying). When it comes to security, you can’t change your browser like you can on a Mac. Using the internet on an iPhone or iPad is unsafe until Apple fixes Safari across its three major platforms, regardless of which “browser” you use.