20 January 2022

Apple's Web Browser Leaking Data About Users

The headline says Safari, but the problem is in the WebKit engine. On the iPhone and iPad Apple requires the use of WebKit, so this impacts more than Safari. Safari bug leaks your Google account info, browsing history.

Apple insists that everyone (Chrome, Brave, Firefox, etc.) use the WebKit engine on iOS because of reasons.

Switching to a non-WebKit-based web browser is the only viable solution, but it only applies to macOS. On iOS and iPadOS, all web browsers are affected.

The details are too technical to go into here, but the problem is that a data storage feature in WebKit, Apple's web-browser engine, doesn't enforce the "same-origin" policy, which allows malicious websites to see data from where you have been, and other data from those sites. That we are still seeing issues related to non-enforcement of same-origin policy in 2022 is more than a little discouraging.

The bit that is really annoying:

The vulnerability was reported to WebKit Bug Tracker on November 28, 2021, and at the time of writing this, it's still unaddressed.

I take that to mean Apple has not even acknowledged the problem. This reminds me of how Microsoft ignored a problem with Exchange server for months because fixing the problem was not in their planned schedule. Maybe it will turn out to not be that bad.
