Serious Security: Apple Safari leaks private data via database API – what you need to know
Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple's web browser software.
At first telling, the bug sounds both undramatic and unimportant: although it allows private data to leak between separate browser tabs that contain content from unrelated websites, the amount of data that leaks is minuscule.
WebKit, like all other modern browser engines, lets websites set and store what's called stateful data - information that's carried from one visit to a site to the next, traditionally via web cookies.
As you can imagine, the sort of data stored in cookies and web storage isn't suitable for disclosing to anyone, given that it often identifies you loosely, and frequently identifies you exactly - for example, cookies may grant access to private data in an online account, such as your name, address, contact details, credit card data, as well as the password reset page for that account.
We now have THREE types of local storage: cookies, which are great for simple settings such as pagestyle=dark; web storage, fine for larger-sized chunks of data such as configuration settings and modestly-sized documents; and a local database system known as IndexedDB, when you need to keep large amounts of data and to access it efficiently.
Clearing web data typically means you need to log in and readjust preferences for every website you've used lately.