Fast? This is not fast. Due to the monolithic nature of iOS, users have to wait for Apple to push the update as an iOS update, instead of just patching Safari straight.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Prepares Fix for Safari Bug Allowing Websites to Decipher Your Recent Browsing Activity
- Thread starter MacRumors
- Start date
- Sort by reaction score
The problem is Safari being bundled into macOS/iOS/iPadOS. WebKit actually reacts much faster on functions and issues.
Ahh more good reasons to stick with High Sierra on my Mac.. although Handoff and Continuity kinda died. Boo. Never worked well anyway, but would be nice to have. And Calendar is mostly a hot mess held together by dried glue...
But it works...-ish...
But it works...-ish...
Using Firefox while Safari is being repaired is a great idea 👍
Brave, Opera and Vivaldi are based on Chromium Open-Source Project https://github.com/chromium/chromium
Maybe these exploits should start making their way into the illegality realm… sure fine, there’s “an exploit” that allows to decipher, or to flame a bit, steal someone’s information, but if anyone acts on it then hefty fine, personal damages up to possible jail time.
Just like a store can be stolen at anytime if security is circumvented also means a criminal offense.
*yeah I know, some states allow stealing less than $950 worth of goods a shot, but let’s just ignore that part of this bizarro world momentarily for this analogy to work out
Just like a store can be stolen at anytime if security is circumvented also means a criminal offense.
*yeah I know, some states allow stealing less than $950 worth of goods a shot, but let’s just ignore that part of this bizarro world momentarily for this analogy to work out
Not when you are on iOS. Every browsers on iOS use the same Safari/Webkit engine, and are affected by this bug.
Doesn’t affect iOS 14 and older?
Allow users to downgrade then instead of constantly being in jeopardy.
Allow users to downgrade then instead of constantly being in jeopardy.
I’d be much happier if they reacted this fast when the bug was brought to their attention back in November. It was only after the vulnerability went public when Apple reacted. There seems to be something off with their bug prioritizarion process especially for a company that claims to care about privacy.
Looking at the early versions of iOS15, we kinda know that Apple dropped the ball somewhere. I have a feeling they put most of their engineers into developing the mass scanning system (as such they managed to announced it without any prior notice, not even during WWDC, out of the blue). The aftermath now is obvious.
Serious issue. Hoping fix comes soon.
It’s ridiculous that Apple still requires a whole OS Update to make an update for their apps on iOS / iPadOS. Why not simply push it through the AppStore
Webkit is baked into the iOS experience which is why it functions so smoothly, seamlessly and perfectly compared to Android.
When would be a good time? We are now 4 month after initial release of iOS15. That is not upgrading right when a new iOS is released.
I'm curious how fast they moved in the previous 6 weeks, since they were informed about the issue. This appears to be damage control.
This bug will enable a website to see the name of a website you have open in a background tab, but:
- Only if it uses IndexedDB.
- Only if it’s sufficiently unique.
- Only the name, such as “Facebook” is leaked, nothing else. No subpage or data.
Apple taking it's time to role out an update to fix the bug is going to help those who wish to exploit the bug. I have no doubt that criminal elements have already coded fake websites and mass emailed people fooling them in thinking it's a genuine website in the hope that people fool for it and give there data to the criminals.
Obviously Apple does not think it's users data (identity) is worth protecting because it's not taking the matter seriously enough to role an urgent update to fix the bug.
Obviously Apple does not think it's users data (identity) is worth protecting because it's not taking the matter seriously enough to role an urgent update to fix the bug.
Even worse they're declining to comment when asked to provide a timeframe for a fix being released to end-users.
Engineering for obsolescence. Browser is the most often used app so by bundling it with OS updates you'll be forced to buy a new device when OS updates stop.
Apple should be forced to allow other browsers with their own engine. Only WebKit is a monopoly situation.
The bug was reported to Apple last november. They're only starting to look at it now as it hits the news.
Using only private tabs will fix this I suppose, because no data at all is kept between sessions.
Private browsing is my default way of browsing anyway in these cookie infested times. Logging in every time you visit a site is a tiny inconvience compared to losing your privacy.