In recent hours, an important security flaw has been known in Macs. More specifically in the default browser Safari. Although it is true that at first we must say that the equipment itself or data of an extremely sensitive nature are not at risk, there is certain information related to your activity that could be made public by some websites.
What is this security flaw?
The website specialized in the search for vulnerabilities, FingerprintJS, warned in a recent entry of an error in the programming of Safari that is allowing websites to track activity of the user, regardless of the browser settings that the user has chosen. Because, as you may already know, for several versions the browser allows you to prevent tracking on websites, but unfortunately this is being ignored because of this tedious error.
The problem, according to the aforementioned blog, lies in a WebKit implementation problem in the «IndexedDB» API, a JavaScript API that is usually used by some websites to access personal information such as recent activity in the browser or even the profile picture that he uses on some sites. Of course, as is evident, not all websites can access this information, but those that are using the aforementioned API can.
Therefore, as we said at the beginning, you can rest easy regarding the stability of your computer. There is no malware that is going to make it unusable or that is capable of stealing information that you have stored on it. They will not even be able to access data such as credit cards or the like. However, they will be able to track your history for commercial purposes, which usually requires your consent.
How can you avoid being a victim?
It would be as simple as telling you not to visit web pages that use the IndexedDB API, but logically it is not something that can be known at first and even if it were, it would be too tedious a solution. That is why it is recommended use other browsers for Mac, since the error originates from Safari and not from other browsers. At least from what is currently known. It should be noted that also in old versions of safari like ’14’, this problem is not present.
The definitive solution will come with a update by apple, either at the system level offering a hypothetical version of macOS 12.1.1 or with one of those known as complementary updates and that would only update the browser. At the moment there is none of this and neither have the Californian company spoken. However, in light of the noise that this news is generating, it is more than likely that they are already aware of it and are working on the security patch to fix it.
