Three days ago, a vulnerability in Safari came to light that allowed any website to track a browser’s Internet activity and potentially determine a user’s identity. Fortunately, one of the things that characterizes Apple is that it is quite effective in correcting this type of vulnerability. A solution already exists; however, it seems that it won’t be available to everyone until new updates are released.
IndexedDB is a browser API that major web browsers provide for client-side storage, holding data such as databases. Typically, a “same-origin policy” limits what data each website can access, so that a site can only access the data it generated, not that of other sites.
In the case of Safari 15 for macOS, IndexedDB was found to be in violation of the same-origin policy. The researchers claim that every time a website interacts with its database, a new empty database is created with the same name “in all other active frames, tabs, and windows within the same browser session.”
A fix has been prepared, according to a WebKit commit on GitHub that was also spotted by the specialist outlet MacRumors. However, the fix won’t be available to users until Apple releases updates for Safari on macOS Monterey, iOS 15, and iPadOS 15.