Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

[ian87w]

I haven’t used Safari in over 6 years on the iPhone. It’s literally the worst browser there is. Brave, Opera, and Edge are all superior IMO.

This bug affects ALL browsers in iOS since every browser in iOS are required to use the Safari/Webkit engine.

 

[makr]

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.

Like the bug they created that caused repeated restarts on all Windows Server domain controllers?

 

[Wildkraut]

Wonder if this is fixed in iOS 15.3?
Maybe it’s time for Apple to decouple Safari from the main OS update, so issues like this can be quickly patched just by patching the Safari app.

Sad enough that you have to wonder.
This is just another Apple issue, a decent changelog would be welcome.

Anyway, funny how Apple (the biggest incompetent company) attends a meeting in the White House to discuss about Security Risks of OpenSource Software, isn’t it?! ?

 

[Unregistered 4U]

Wondering what you can do about it in the mean time?

Clear your browser’s history and website data now!! And do it regularly until the patch is available and installed.

Or, just keep on doing what you’re doing. If you get any pop up windows, close them. The only way this works is if you go to a page that’s running the exploit and you leave that page open for it to do it’s thing. Close it and no exploit. Never open it in the first place, and no exploit.

 

[laptech]

The more pressing question that needs to be answered is why is such a function in Webkit to begin with because it is clear it's purpose is to track the habits of the user. This is why tracking users has become such a problem because the makers of web browsers design their browsers with tracking capabilities built in which others then exploit for their own gains at the expense of the user.

 

[MacHiavelli]

Apple has history here:

Bad Apple Safari update breaks IndexedDB JavaScript API, upsets web apps

Developers fed up with iGiant neglecting non-native software

www.theregister.com

 

[Kuckuckstein]

Microsoft fixes bugs and adds features? I think you meant Linux.

Actually, Microsoft’s Edge browser gets updates almost weekly, which is no guarantee for bug fixing but at least allows them to be more reactive. Compared to that the update cycles on Apple’s browser are super slow. Which would be ok if all was watertight and they were ahead of the Internet game. But these days, Safari actually often lags behind.

The main problem for is iOS where there is no alternative.

 

[Tsepz]

This bug affects ALL browsers in iOS since every browser in iOS are required to use the Safari/Webkit engine.

This should literally be a * in the article lol.

 

[Kuckuckstein]

Wouldn't disabling JavaScript mitigate this?

Yes it would but it also would render most websites unusable these days.

 

[TechRunner]

I feel like I should just burn all my gadgets and go live in the mountains. ?

I've considered this myself, and I have the gear to do it haha. My wife, on the other hand...

 

[dumastudetto]

If this was a genuinely serious problem, Apple would have fixed it already. I'm staying calm and carrying on as normal.

 

[iHorseHead]

Microsoft fixes bugs and adds features? I think you meant Linux.

They do. They do so weekly.

 

[iHorseHead]

Please...don't say stuff like that when I'm drinking milk. Not pretty.

But you're not saying anything to dispute his claims.
I use Windows and I receive security updates at least once a week & I've never had any problems with Windows in ages.

 

[cyanite]

Does clearing browser history and website data help?

Even closing the tab removes the problem in this case.

Yet another reason to use a totally separate web browser if you want to use certain websites separately.

Or, in this case, close the tab.

Is this even fixable?

Yes

For example, there’s currently a critical security flaw in macOS in that if someone has physical access to your computer AND knows your password, they can use the keyboard to type in your password and gain access to your account.

You mean they can... log in? That seems normal to me.

This bug seems to be serious.

Not really. It allows some website to see what other websites are open in background tabs right now. It doesn't allow them to access any data.

 

[Havoc035]

Come on Apple, get your security act together. This isn't the first time issues have been known but unpatched.

 

[ironpony]

Apple will send out a booster soon ... wear a mask until it is available

 

[k27]

On macOS: User Firefox, then you are not affected by the bug
On iOS/iPad OS: Every browser is affected due to Apple's design specification.

 

[andrewxgx]

lets just take a moment here and stop focusing on the bug itself and rather on who reported it. i mean, how bad it had to be so fingerprinting service (newspeak for user tracking) reports this?

 

[dysamoria]

“Always update to the latest version to make sure your devices are as secure as possible” they say... while I sit here with iOS 12 and High Sierra, not being affected by this bug. ??‍♂️

 

[genovelle]

The world runs on Windows. So I guess paradise is the 90% of the world's computers.

Except 80% of all browsing in done on mobile devices and iPads now.

 

[BootsWalking]

Swell. add that to the huge bug list in Monterey.

Meanwhile Microsoft fixes bugs, adds new features on a week by week basis.

Microsoft just released a set of patches on 01/11 that broke access to all my ReFS partitions. You read that right - Microsoft released a patch that causes Windows to no longer recognize one of its own filesystems. Before I learned of the cause I thought my ReFS drives had become corrupt since the error message says "No recognizable filesystem found".

Reference: https://www.techradar.com/news/this-windows-server-update-is-causing-a-bunch-of-problems

 

[genovelle]

Fortunately there's a patch available. ?

All iOS browsers use WebKit. I guess open source isn’t always the best way to go.

 

[BootsWalking]

Apple has a commitment to user privacy but unfortunately doesn't have the engineering competence to consistently back that commitment up.

 

[genovelle]

Unbelievable the lack of passion & vision behind Safari, the team behind it puts out this unacceptable half baked garbage really, it's truly appalling & disgraceful the lack of leadership, QA and how much the browser has retrogressed, beyond IE levels. So much for Apple's silicon and all the "privacy" smoke but it gets outperformed by almost any mainstream browser in Apple's own OS while also offering less granular privacy tools.

Unreal.

The crazy part is all of the noise made against Apple’s walled garden and that open sourced is soooo much better!!! Well WebKit is open sourced and this is the result. They should have just kept it in house since they will be responsible for it anyway.

 

[JKAussieSkater]

How has there been no legal challenge to Apple for forcing all iOS browsers on the AppStore to use *their* Webkit engine? This means Edge, Chrome and Firefox are also victim to this bug within the iOS ecosystem (whereas, they wouldn't be if they were allowed to use their own browser engines).