- WebKit: Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.
- blog-indexeddb-safari-leaks-demo: Demo showcasing information leaks resulting from an IndexedDB same-origin policy violation in WebKit.
Update (Monday, January 17th, 2022): Apple engineers began working on the bug as of Sunday, have merged potential fixes, and have marked our report as resolved. However, the bug persists for end users until these changes are released.
We created a simple demo page that demonstrates how a website can learn the Google account identity of any visitor. The demo is available at safarileaks.com. If you open the page and start the demo in an affected browser, you will see how the current browsing context and your identity are leaked right away. Identity data will only be available if you are authenticated to your Google account in the same browsing session.