Wondering what you can do about it in the mean time?

Clear your browser’s history and website data now!! And do it regularly until the patch is available and installed.
For as long as I can remember....many years...I've ALWAYS cleared my history whenever I've finished using financial or other important sites. It is indeed 'second nature' for me.
 
This isn't limited to iframes, but any tabs that you open during the browsing session. So, any website could be a bad actor and doesn't necessarily have to be an ad network. They could link your Google profile (if logged in) with the tabs that you have open.
Please correct me if I'm wrong, but from what I'm getting from these responses is that one must be logged into a Google account? For if that's the case... no problem for me.
 
Please correct me if I'm wrong, but from what I'm getting from these responses is that one must be logged into a Google account? For if that's the case... no problem for me.
No, a malicious website could access the tabs in your browsing session that use IndexedDB regardless of whether you're logged into Google or not. If you're logged into Google, they can link your profile (name, email and picture) with that of your browsing session to identify who you are.
 
What if you never have any tabs open except for the one that you’re currently working in, and you close that tab before you open a new website, and when you’re done with your session, you clear all your history. Does that keep you safe?
 
But other bugs that are much worse.
No doubt there are security flaws that people would use to try to convince me to update. None I am aware of currently being exploited.

Has Apple dealt with the fact that iOS was downloading iTunes content, despite every relevant setting being set to disable such activity? Anyone tested this in iOS 13, 14, or 15? It takes a car audio system to trigger playback for this to happen. Give it a test for me. No music loaded on the device, iTunes downloads disabled, no cellular data allowed to Music app or iTunes app, etc...

It’s not just security and such; also basic functionality is and has been buggy.

I’ve watched a lot of bugs (which I’ve reported) go unfixed across major releases for YEARS. From UI annoyances (like text selection bugs in webpage text boxes, somewhat fixed by iOS 12.x after being broken since at least iOS 9), to downright broken design (like the “multiselect” mode for lists). That got me upgrading for a while (and then angry as these things went unfixed major version after major version).

Updates bring other problems, too: updating to iOS 13 breaks Safari iCloud synchronization between iOS devices and High Sierra Macs (which is why I’m still on iOS 12).

There’s no winning, whether we upgrade or not. Roll the dice.
 
"Keeping your software up to date is one of the most important things you can do to maintain your Apple product's security."

https://support.apple.com/en-us/HT201222
That is a completely different message than the spin "that Apple said it was safe". Ask Microsoft about rebooting domain controllers because Microsoft said their fix was "safe".

And the support document is spot on.
 
When Apple started letting us uninstall and install again some of the built-in apps on iOS, I thought that it was the first step to let us update those apps independently of the OS updates. I hope some day Apple makes this happen.

Nowadays we need a Browser, or the Browser Engine, to be updated when something like this happens, not all the OS together.
 
Ok, so what must I do about it? Update something? I always do, if there is something to be updated. Until then, do I stop using Apple products? Should I go into a mad panic and switch to Chrome or FF? Seriously, what is the purpose of this article?

We all know Apple is not infallible, right?

Key word: "can reveal your recent browsing history". So, does it actually reveal my porn history? Yes or no.

There is of course one way to ensure we don't suffer at the hands of such incompetence on the part of Apple: stay off the internet.

Is there perhaps a plain English translation of this article for the idiot on the street like me?
 
No doubt there are security flaws that people would use to try to convince me to update. None I am aware of currently being exploited.

Has Apple dealt with the fact that iOS was downloading iTunes content, despite every relevant setting being set to disable such activity? Anyone tested this in iOS 13, 14, or 15? It takes a car audio system to trigger playback for this to happen. Give it a test for me. No music loaded on the device, iTunes downloads disabled, no cellular data allowed to Music app or iTunes app, etc...

It’s not just security and such; also basic functionality is and has been buggy.

I’ve watched a lot of bugs (which I’ve reported) go unfixed across major releases for YEARS. From UI annoyances (like text selection bugs in webpage text boxes, somewhat fixed by iOS 12.x after being broken since at least iOS 9), to downright broken design (like the “multiselect” mode for lists). That got me upgrading for a while (and then angry as these things went unfixed major version after major version).

Updates bring other problems, too: updating to iOS 13 breaks Safari iCloud synchronization between iOS devices and High Sierra Macs (which is why I’m still on iOS 12).

There’s no winning, whether we upgrade or not. Roll the dice.
There are those who are still on Windows XP and Windows 7. Zei gezunt. One does what one wants. My philosophy is to move forward. In today's interconnected environment I choose to update to have patched software and new functionality. But to each their own.
 
Are you saying Apple should have 100% bug free software? Do you know the reason this bug isn’t fixed or assume it just should have been fixed? And just assume that CSAM code is buggy because bugs exist in iOS?
No. I meant what I said. Rather than faffing about with the CSAM spy software, I wish Apple would devote their precious human resources to improving security and privacy. I don't expect any software to be bug-free, but I do expect a professional effort to minimise bugs and security leaks and I expect it to be a very high priority. The fact that Apple didn't detect and deal with this bug in Safari doesn't inspire confidence ATM. Just my two cents.
 
The fact that Apple didn't detect and deal with this bug in Safari doesn't inspire confidence ATM.

Any browser has bugs like this one all the time. We can judge based on communication and time to fix. 52 days (so far) isn’t that unusual.
 
Wow, when being on an older version is safer.

Safari 14.x / Big Sur squad.

I have a tech preview of 15.x but came away not that impressed or noticing a big difference in anything (aside from those visually whack tabs you can opt out of)
 
No. I meant what I said. Rather than faffing about with the CSAM spy software, I wish Apple would devote their precious human resources to improving security and privacy. I don't expect any software to be bug-free, but I do expect a professional effort to minimise bugs and security leaks and I expect it to be a very high priority. The fact that Apple didn't detect and deal with this bug in Safari doesn't inspire confidence ATM. Just my two cents.
I would not think Apple serializes its development. Having resources on the CSAM project doesn't preclude devoting "their precious human resources to improving security and privacy." I too wish that Safari bug was fixed, and I also wish Microsoft didn't release software that rebooted domain controllers. Yet here we are.
 
Please correct me if I'm wrong, but from what I'm getting from these responses is that one must be logged into a Google account? For if that's the case... no problem for me.
Not needed to see the names of the indexedDB databases. The Google thing just makes it easier to track you but is probably mostly irrelevant.
No, a malicious website could access the tabs in your browsing session that use IndexedDB regardless of whether you're logged into Google or not. If you're logged into Google, they can link your profile (name, email and picture) with that of your browsing session to identify who you are.
The malicious site can’t access tabs in any way other than getting the names of indexedDB databases. Then they can use those names to figure out what website you recently visited if that site used the Javascript indexedDB API. Once the browser session is closed, the access to the database names is removed.
 
Ah, but I think if the resulting data showed anything even remotely concerning (or something that could be twisted into being concerning), the security researcher would have provided it as further proof that they are indeed a serious security researcher worth everyone's notice and attention! :)
Depending on how you use Safari, the bug might produce very little data or a fair amount. But it is just tracking website visits which all advertising sites already do. Apple should fix it but there isn’t much to be concerned about. Business as usual for the scummy advertising sites.
 
I would not think Apple serializes its development. Having resources on the CSAM project doesn't preclude devoting "their precious human resources to improving security and privacy." I too wish that Safari bug was fixed, and I also wish Microsoft didn't release software that rebooted domain controllers. Yet here we are.
Actually, person-hours spent on one project do preclude person-hours spent on another, but in general I think this is about priorities. Just my opinion.
 