Connect with us

Technology

Huge iPhone bug may be leaking your info to strangers as Apple scrambles to fix it

APPLE is working on a fix for a recently discovered bug that is capable of exposing the personal data of iPhone users.

The issue in the Safari browser lets any website track your internet activity and even reveal your identity without your permission.

RexApple is working on a fix for a bug in its Safari web browser[/caption]

It affects all web browsers on iOS for iPhone and iPad, as well as the California tech titan’s Safari 15 on Mac.

The problem was uncovered by security experts from FingerprintJS and reported by MacRumours over the weekend.

According to the tech publication, Apple’s engineers are now working on an update to patch up the exploit that will roll out in the near future.

The in-progress update was spotted in a WebKit commit on GitHub, a helps developers store, manage, track and control changes to their software.

On GitHub, a WebKit commit indicates that Appl’s engineers are working on a fix for the bug.

The fix reportedly will not be available to users until Apple releases macOS Monterey, iOS 15, and iPadOS 15 updates with an updated version of Safari.


FingerprintJS experts reported the bug to Apple back in November 2021.

The problem can leak your recent internet browsing activity, as well as reveal some of the personal details from your Google account.

It stems from a feature under the bonnet designed to store data in your browser from one place.

The so-called IndexedDB is supposed to follow a same-origin policy, meaning only the site that generates certain data can access it.

For example, if you had your email account open in one tab while another tab is a dodgy website, the feature should stop the bad one from interfering with your email.

But researchers have apparently found a flaw that stops that defence mechanism from fully working.

This could allow hackers to snoop on specific details about your identity.

Experts highlight the dangers with services such as Google’s, as one login is used across YouTube, email, Google Calendar and much more.

“Not only does this imply that untrusted or malicious websites can learn a user’s identity, but it also allows the linking together of multiple separate accounts used by the same user,” FingerprintJS warned.

They tested 1,000 top websites to see whether they could be affected.

More than 30 sites use indexed databases which means those who use them could be at risk.

What can I do to prevent Safari bug?

Unfortunately, there isn’t much you can do until Apple roll out a fix.

“The only real protection is to update your browser or OS once the issue is resolved by Apple,” experts said.

Mac users could use an alternative web browser.

But as the issue is across all web browsers on iPhone and iPad, you’ll have to wait.

In the meantime, just be extra vigilant of the sites you use.

In other news, personalised smart guns, which can be fired only by verified users, may finally become available to U.S. consumers this year.

Scientists are embarking on a mission to unravel the mystery behind dozens of grisly child mummies buried in an underground tomb in Sicily.

Police have caught an Italian mafia henchman who’d be on the run for 20 years after spotting the fugitive on Google Maps.

And, one of the best-preserved fossils ever found has confirmed that young dinosaurs burst from their shells just like baby birds.

We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk