Just a few days after Apple fixed a flaw that allowed a hacker to put your iPhone into an endless cycle of repeated crashes, FingerprintJS has uncovered a Safari vulnerability that could expose your personal information and internet activity to the open web.
The issue lies in the IndexedDB API, which, in the words of Mozilla, is used for client-side storage of large quantities of structured data. As FingerprintJS describes, since IndexedDB is a low-level API that is used by every major browser, many programmers “choose to use wrappers that abstract most of the technicalities and provide an easier-to-use, more developer-friendly API.”
According to FingerprintJS, Safari’s version of IndexedDB does not comply with the same-origin policy, the security feature that limits how scripts or documents loaded from one origin can interact with resources from other origins. As a result, any website could spy on the other websites that users visit in different tabs or windows.
Because certain websites use unique user identifiers in the database name, FingerprintJS states that authenticated users are “uniquely and precisely identified” on websites like YouTube, Google Calendar, and Google Keep. Since you’ll be logged into these sites with your Google ID, the databases associated with that account might be accessed, including your personal data. FingerprintJS has discovered other sites that are susceptible to this issue, including Twitter and Bloomberg.