Safari is back in the spotlight. A few days ago, operators were furious about a new function that would prevent blocking web pages or knowing the browsing history of users. Now, a bug in Safari allows a attacker know all your history and your unique identifier from your Google account.
The vulnerability was discovered by the fraud detection service FingerprintJS, who contacted the creators of the affected WebKit and offered the code for free and openly to fix it. The bug has not been fixed, and for this reason the Fingerprint JS team has decided to make the vulnerability public to speed up its patching.
The bug is not patched
The fault lies in a bad implementation of the IndexedDB API. This API is designed so that documents or scripts originated from a site do not interact with resources from other sources. A website opened in one tab should not be able to share data with another tab, all of them always being isolated from each other. Otherwise, a malware could know, for example, our bank details.
However, the Safari vulnerability allowed separate web pages to interact with each other. if you use Safari 15, what do you use IndexedDB, every time a web interacts with a database, a new empty one with the new name is created with all active frames, tabs and windows in the same browser session. The consequence is that other websites can access the names of the databases, being able to know, for example, information about a Google account.
Among that information is the unique identifier of a Google account. With this, an attacker can obtain personal information, and identify multiple accounts that the user has separately. The team of researchers has discovered that, of the 1,000 most visited websites In the world according to the Alexa ranking, there are 30 that use vulnerable indexed databases. Browsing in incognito mode or private mode does not solve the problem, although it does help limit the amount of information available.
Avoid using Safari while it’s being patched
The team that discovered the vulnerability has created a demo to identify sites that a user with a Google account has recently opened or accessed. The web searches for 20 specific web pages on which the vulnerability works if used Safari 15 with macOS, iOS 15, or iPadOS 15.
The right laptop for coding? HP Announces Linux Dev One Mobile Computer for Software Developers
HP announced the expansion of its range of mobile computers with the Dev One model, focused on application developers. There has not yet been a full premiere, but the company has already revealed key details. So, for example, the device is running Linux (Pop!_OS is pre-installed).
HP Dev One will be equipped with an 8-core AMD Ryzen 7 5000 Pro processor, will receive 16 GB of DDR4-3200 MHz RAM, a 1 TB SSD. The screen diagonal will be 14 inches, the resolution is Full HD. When sales start, there is no data, but the cost is already known – $ 1,100. In general, in the US, for that kind of money, you can buy a laptop with more interesting characteristics, and replace the pre-installed Windows with Linux.
Apple has released a major update for Mac computers – more than fifty fixes and the long-awaited release of “Universal Control”
Apple has released an update to the macOS Monterey operating system, the fourth major update since its release in October 2021.
macOS Monterey 12.4 comes out two months after the launch of macOS Monterey 12.3. One of the important innovations was the Universal Control function.
The initial announcement of Universal Control took place almost a year ago – in June 2021. In March, with the release of macOS Monterey 12.3, it began to work in beta mode, and now there has been an official release, which Apple considers hassle-free. Universal Control lets you use one keyboard and mouse to work on your Mac and iPad.
For Studio Display, macOS Monterey 12.4 adds support for firmware 15.5, which is designed to improve the quality of the webcam. There’s also an update to the Podcasts app that lets you limit the number of episodes you keep on your Mac and automatically delete old podcast episodes.
Apple has also added more than fifty fixes for security vulnerabilities in macOS 12.4. The macOS Monterey 12.4 update can be downloaded from the Software Update section of System Preferences.
McDonalds introduced a smart smoke detector in the form of “Big Mac”. If smoke is detected in the kitchen, he will offer to order something from McDonalds
McDonalds has introduced a smart smoke detector in the Netherlands that looks like an upside-down Big Mac. The device is called McDelivery Detector, and this name well reflects its essence.
The sensor is supposed to be installed on the ceiling in the kitchen. When smoke is detected, McDelivery Detector will prompt the user not to bother with further cooking, but simply to order something from the McDonalds assortment instead of what burned out on the stove or microwave. If the user agrees, the order is automatically routed to the nearest McDonalds restaurant.
McDelivery Detector is only available as part of an advertising campaign in the Netherlands. In order to enter the giveaway and get one of the sensors, participants in the game must submit examples of “their worst culinary mistakes.”
Many TVs are smaller. LG 48GQ900 OLED monitor with 4K resolution and 120Hz frame rate goes on sale
The official premiere of the large OLED monitor LG 48GQ900 took place in early March, and now the novelty has...
DJI is preparing a new “racing drone” Avata with a quality camera at the level of Mini 3 Pro
DJI recently introduced the Mini 3 Pro compact drone, and soon another compact FPV class model (the so-called “racing drone”)...
RedmiBook Pro Ryzen Edition 2022 will receive a 3.2K screen with a frame rate of 90 Hz
Xiaomi has published a teaser image dedicated to the RedmiBook Pro Ryzen Edition 2022 laptop. Its premiere is expected very...
578 hp, acceleration to 100 km / h in 3 s, 13 cameras, 3 screens, wireless charging and 14 speakers. Avatr 11 electric car interior images published – the fruit of cooperation between Changan, CATL and Huawei
The electric vehicle brand Avatr launched in 2018 as a joint venture between Changan and Nio. Later, Nio withdrew from...
Software7 days ago
Windows 11 22H2 (Sun Valley 2) RTM Released May 24th
Software7 days ago
The latest update of Windows 11 and Windows 10 caused crashes
Components7 days ago
Bloomberg talks about iOS 16 and Apple Watch non-invasive blood glucose monitor
Components7 days ago
World’s first 14″ laptop with 75Wh battery and Magic OS. Honor MagicBook 14 unveiled with 2K screen, Intel Core 12 processors and GeForce RTX 2050 GPU