Connect with us
iphone safari peligro iphone safari peligro

Computers

Another very serious security flaw on Mac allows you to spy on your Google account

Published

on

Safari is back in the spotlight. A few days ago, operators were furious about a new function that would prevent blocking web pages or knowing the browsing history of users. Now, a bug in Safari allows a attacker know all your history and your unique identifier from your Google account.

The vulnerability was discovered by the fraud detection service FingerprintJS, who contacted the creators of the affected WebKit and offered the code for free and openly to fix it. The bug has not been fixed, and for this reason the Fingerprint JS team has decided to make the vulnerability public to speed up its patching.

The bug is not patched

The fault lies in a bad implementation of the IndexedDB API. This API is designed so that documents or scripts originated from a site do not interact with resources from other sources. A website opened in one tab should not be able to share data with another tab, all of them always being isolated from each other. Otherwise, a malware could know, for example, our bank details.

However, the Safari vulnerability allowed separate web pages to interact with each other. if you use Safari 15, what do you use IndexedDB, every time a web interacts with a database, a new empty one with the new name is created with all active frames, tabs and windows in the same browser session. The consequence is that other websites can access the names of the databases, being able to know, for example, information about a Google account.

Safari

Among that information is the unique identifier of a Google account. With this, an attacker can obtain personal information, and identify multiple accounts that the user has separately. The team of researchers has discovered that, of the 1,000 most visited websites In the world according to the Alexa ranking, there are 30 that use vulnerable indexed databases. Browsing in incognito mode or private mode does not solve the problem, although it does help limit the amount of information available.

Avoid using Safari while it’s being patched

The team that discovered the vulnerability has created a demo to identify sites that a user with a Google account has recently opened or accessed. The web searches for 20 specific web pages on which the vulnerability works if used Safari 15 with macOS, iOS 15, or iPadOS 15.

As it is not patched, the only thing that can be done to avoid being affected is block javascript, do not use google accounts, or use another web browser. Interestingly, Apple refused in June 2020 to implement 16 Web APIs in Safari’s WebKit arguing that they could represent a problem for privacy. However, many argued that this move was made to force users to use native iOS apps.

Click to comment

Leave a Reply

Your email address will not be published.

Computers

The right laptop for coding? HP Announces Linux Dev One Mobile Computer for Software Developers

Published

on

The right laptop for coding HP Announces Linux Dev One

HP announced the expansion of its range of mobile computers with the Dev One model, focused on application developers. There has not yet been a full premiere, but the company has already revealed key details. So, for example, the device is running Linux (Pop!_OS is pre-installed).

The right laptop for coding?  HP Announces Linux Dev One Mobile Computer for Software Developers

HP Dev One will be equipped with an 8-core AMD Ryzen 7 5000 Pro processor, will receive 16 GB of DDR4-3200 MHz RAM, a 1 TB SSD. The screen diagonal will be 14 inches, the resolution is Full HD. When sales start, there is no data, but the cost is already known – $ 1,100. In general, in the US, for that kind of money, you can buy a laptop with more interesting characteristics, and replace the pre-installed Windows with Linux.

Continue Reading

Computers

Apple has released a major update for Mac computers – more than fifty fixes and the long-awaited release of “Universal Control”

Published

on

Apple has released a major update for Mac computers

Apple has released an update to the macOS Monterey operating system, the fourth major update since its release in October 2021.

Apple has released a major update for Mac computers - more than fifty fixes and the long-awaited release of

macOS Monterey‌ 12.4 comes out two months after the launch of macOS Monterey 12.3. One of the important innovations was the Universal Control function.

The initial announcement of Universal Control took place almost a year ago – in June 2021. In March, with the release of macOS Monterey 12.3, it began to work in beta mode, and now there has been an official release, which Apple considers hassle-free. Universal Control lets you use one keyboard and mouse to work on your Mac and iPad.

For Studio Display, ‌macOS Monterey‌ 12.4 adds support for firmware 15.5, which is designed to improve the quality of the webcam. There’s also an update to the Podcasts app that lets you limit the number of episodes you keep on your Mac and automatically delete old podcast episodes.

Apple has also added more than fifty fixes for security vulnerabilities in macOS 12.4. The ‌‌‌‌‌‌macOS Monterey‌‌‌ 12.4 update can be downloaded from the Software Update section of System Preferences.

Continue Reading

Computers

McDonalds introduced a smart smoke detector in the form of “Big Mac”. If smoke is detected in the kitchen, he will offer to order something from McDonalds

Published

on

McDonalds introduced a smart smoke detector in the form of

McDonalds has introduced a smart smoke detector in the Netherlands that looks like an upside-down Big Mac. The device is called McDelivery Detector, and this name well reflects its essence.

McDonalds introduced a smart smoke detector in the form of

The sensor is supposed to be installed on the ceiling in the kitchen. When smoke is detected, McDelivery Detector will prompt the user not to bother with further cooking, but simply to order something from the McDonalds assortment instead of what burned out on the stove or microwave. If the user agrees, the order is automatically routed to the nearest McDonalds restaurant.

McDelivery Detector is only available as part of an advertising campaign in the Netherlands. In order to enter the giveaway and get one of the sensors, participants in the game must submit examples of “their worst culinary mistakes.”

Continue Reading

Most Popular