Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
For every security story, you have to look at “How would this be effective”. For example, there’s currently a critical security flaw in macOS in that if someone has physical access to your computer AND knows your password, they can use the keyboard to type in your password and gain access to your account. If your account is an admin, then they have access to all accounts on your computer! A very serious flaw, to be sure, but I doubt Apple does anything about it.
Here, it mentions something that most users are already aware of and deal with fairly quickly… “a tab or window that runs in the background”. Now, assuming a malicious actor hasn’t already hacked into an ad network, we’re talking about a popup window which most of us see, are annoyed by and close immediately. A closed window can’t continually query anything, and CERTAINLY not in real time.
Additionally, well behaved websites CAN open any website in an iFrame, but would MacRumors do that? Would Apple.com do that? No. There are sites out there that would, but, again, this is a situation where you actively have to put yourself into. If a malicious actor sends you a link via email, and you click on the link, sure, they’d be able to track for as long as you don’t close the browser. BUT, if a malicious actor thinks they can get you to click the link, the payload is going to be FAR more effective than an exploit that “kinda” just tracks you but only if you leave your browser windows open and/or NEVER EVER close popup windows.
Ouch! There will always be bugs but this is pretty bad for a company that prides itself for its safety and privacy efforts
Last edited:
All my browsers in iOS and MacOS are set to run in private mode by default, after I quit the browser it erases and starts over again.
I am huge Apple fan and a Mac user since the Mac SE...Apple IIe and GS before that. All that said....Safari just sucks and always has sucked. Why do Mac users continue to use it?
Wondering what you can do about it in the mean time?
Clear your browser’s history and website data now!! And do it regularly until the patch is available and installed.
Clear your browser’s history and website data now!! And do it regularly until the patch is available and installed.
The issue isn’t in the Safari app. It’s in the underlying WebKit framework. That framework powers anything from Mail to macOS help and the iTunes Store and tons of other things. Apple could ship a different WebKit framework version with Safari only, but that would further complicate things in the short term.
apple software needs LTS branches. i don't care about new features 90% of the time.
No what I think he meant: Microsoft fixes features and adds bugs.
Private mode usually only stops the browser from saving cookies and history. Websites can collect all the data they want.
DuckDuckGo Browser is implementing app tracker blocking - currently in beta, and invite only through the browser settings.
Last edited:
Do you mean TOR?Private browsing mode does not protect against the bug in affected Safari versions.
What about Private Relay?
TOR is as about as slow as watching paint dry in winter. On an isp ping test getting ~100ms standard browser, TOR pinged at ~400ms. And my bank would not allow the connection. Additionally my concern is if the end gateway computer is compromised.
Last edited:
No, I mean Apple’s own, introduced in iOS 15 and Monterey? The desktop TOR is Firefox (Gecko) based, so should be ok.
Latest patches for windows and windows server (jan 2022) break IKEV2 vpn’s and causes AD server bootloops. I think you will find that no company is perfect.
I have switched to Firefox because of all the bugs in Safari, but maybe the former is affected too?
I live in the mountains, recommend not burning your gadgets there is only so much scenery you can handle.
Hate to rain on your parade, but the ONLY web browser allowed to run on iOS is Safari. What you are using is just modified GUIs to Safari.
But instead the world is heading in the opposite direction. Burning the mountains and living in our gadgets.
If you truly want real privacy then yes, this is the only way. 😂
Honestly though, Privacy on a mass sold device that connects to the internet is one big farce.
Or simply compartmentalize that framework. Google did it on Android, via System Webview, where Google can update it independently from the OS and Chrome.
This bug seems to be serious. Let's see how fast Apple reacted to fix this. I hope it's a wake up call for Apple to start compartmentalizing iOS. Sure, it's difficult, but imo the payoff is worth it all around.