• Unpatched Safari 15 IndexedDB bug leaks privacy identifers in all Apple

    From NewsKrawler@21:1/5 to All on Mon Jan 17 04:09:45 2022
    XPost: misc.phone.mobile.iphone

    https://www.theverge.com/2022/1/16/22886809/safari-15-bug-leak-browsing-history-personal-information
    Safari 15 bug can leak your browsing activity and personal identifiers

    Apple's application of the IndexedDB API in Safari 15 violates the
    same-origin policy according to research published today by FingerprintJS.

    When a website interacts with a database in Safari, FingerprintJS says that
    "a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session."

    This means other websites can see the name of other databases created on
    other sites, which could contain details specific to your identity.

    All Apple browsers are affected by this flaw which was reported to Apple in November and Apple hasn't done anything about it as far as we know.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From YK@21:1/5 to NewsKrawler on Sun Jan 16 23:34:43 2022
    XPost: misc.phone.mobile.iphone

    The article is a little misleading when they say Apple restricts
    browsers in iOS to Safari. The iOS App Store includes Brave (my browser
    of choice in all devices), Chrome (Which I never use unless a client is
    having an issue with Chrome and wants me to troubleshoot it), Duck Duck
    Go, Aloha, Firefox, Edge, Epic, and others.

    Now, another name change and thread to add to my kill file to miss Arlen
    and his Apple hate threads. He'll make his response personal, but I'll
    miss it.

    YK

    On 1/16/22 11:09 PM, NewsKrawler wrote:
    https://www.theverge.com/2022/1/16/22886809/safari-15-bug-leak-browsing-history-personal-information
    Safari 15 bug can leak your browsing activity and personal identifiers

    Apple's application of the IndexedDB API in Safari 15 violates the same-origin policy according to research published today by FingerprintJS.

    When a website interacts with a database in Safari, FingerprintJS says that "a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session."

    This means other websites can see the name of other databases created on other sites, which could contain details specific to your identity.

    All Apple browsers are affected by this flaw which was reported to Apple in November and Apple hasn't done anything about it as far as we know.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From sms@21:1/5 to All on Sun Jan 16 21:53:30 2022
    XPost: misc.phone.mobile.iphone

    On 1/16/2022 8:34 PM, YK wrote:
    The article is a little misleading when they say Apple restricts
    browsers in iOS to Safari. The iOS App Store includes Brave (my browser
    of choice in all devices), Chrome (Which I never use unless a client is having an issue with Chrome and wants me to troubleshoot it), Duck Duck
    Go, Aloha, Firefox, Edge, Epic, and others.

    Not quite.

    Remember on iOS Brave ≠ Brave, Chrome ≠ Chrome, etc.. Apple _requires_
    that all browsers for iOS be based on WebKit, which means that
    functionality that is present on the same browser on Android or Windows
    or OSx, is not necessarily present on the iOS version.

    See: <https://9to5google.com/2021/05/03/ios-browsers-underpowered-apple/>.

    I added this as #135a on the document <https://tinyurl.com/iOS-Android-Features>.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Burnelli@21:1/5 to sms on Mon Jan 17 06:24:28 2022
    XPost: misc.phone.mobile.iphone

    On Sun, 16 Jan 2022 21:53:30 -0800, sms wrote:

    Remember on iOS Brave Brave, Chrome Chrome, etc.. Apple _requires_
    that all browsers for iOS be based on WebKit,

    YK is as ignorant as all the other apologists if he doesn't even know that Apple requires browsers to use that untested insecure webkit
    (which has so many holes in the code you can drive a truck through it).

    FACT:
    WebKit is so "underpowered" (as Google engineers called it) that even the
    Tor Project had to make these excuses for the lack of privacy in WebKit.
    *Can I run Tor Browser on an iOS device?*
    <https://support.torproject.org/tormobile/tormobile-3/>
    "Apple requires browsers on iOS to use something called Webkit,
    which prevents [any browser] from having the same privacy
    protections as Tor Browser"

    ASSESSMENT:
    Apple merely _advertises_ privacy without ever actually delivering it.
    --
    No high tech company has _lower_ R&D costs overall, than does Apple.
    Part of that low R&D is because Apple testing is almost not existent.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Joerg Lorenz@21:1/5 to All on Mon Jan 17 08:40:21 2022
    XPost: misc.phone.mobile.iphone

    Am 17.01.22 um 06:53 schrieb sms:
    See: <https://9to5google.com/2021/05/03/ios-browsers-underpowered-apple/>.

    I added this as #135a on the document <https://tinyurl.com/iOS-Android-Features>.

    You are simply a *stupid Troll*

    Intelligent Trolls switch the product when they have so much to
    complain. But even to understand this inherent logic is too ambitious
    for you. Have fun with your iPhone.


    --
    De gustibus non est disputandum

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Lewis@21:1/5 to sms on Mon Jan 17 07:38:04 2022
    XPost: misc.phone.mobile.iphone

    In message <ss308r$em9$1@dont-email.me> sms <scharf.steven@geemail.com> wrote:
    On 1/16/2022 8:34 PM, YK wrote:
    The article is a little misleading when they say Apple restricts
    browsers in iOS to Safari. The iOS App Store includes Brave (my browser
    of choice in all devices), Chrome (Which I never use unless a client is
    having an issue with Chrome and wants me to troubleshoot it), Duck Duck
    Go, Aloha, Firefox, Edge, Epic, and others.

    Not quite.

    Remember on iOS Brave ≠ Brave, Chrome ≠ Chrome, etc.. Apple _requires_ that all browsers for iOS be based on WebKit, which means that
    functionality that is present on the same browser on Android or Windows
    or OSx, is not necessarily present on the iOS version.

    Thinks like data harvesting, private certs so they can spy on your
    encrypted communication, super cookies, and ad injection.

    I added this

    Of course you did.

    --
    Spontaneity has its time and place.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Joerg Lorenz@21:1/5 to All on Mon Jan 17 08:34:17 2022
    XPost: misc.phone.mobile.iphone

    Am 17.01.22 um 05:34 schrieb YK:
    The article is a little misleading when they say Apple restricts
    browsers in iOS to Safari. The iOS App Store includes Brave (my browser
    of choice in all devices), Chrome (Which I never use unless a client is having an issue with Chrome and wants me to troubleshoot it), Duck Duck
    Go, Aloha, Firefox, Edge, Epic, and others.

    Now, another name change and thread to add to my kill file to miss Arlen
    and his Apple hate threads. He'll make his response personal, but I'll
    miss it.

    YK

    On 1/16/22 11:09 PM, NewsKrawler wrote:
    https://www.theverge.com/2022/1/16/22886809/safari-15-bug-leak-browsing-history-personal-information
    Safari 15 bug can leak your browsing activity and personal identifiers

    Apple's application of the IndexedDB API in Safari 15 violates the
    same-origin policy according to research published today by FingerprintJS. >>
    When a website interacts with a database in Safari, FingerprintJS says that >> "a new (empty) database with the same name is created in all other active
    frames, tabs, and windows within the same browser session."

    This means other websites can see the name of other databases created on
    other sites, which could contain details specific to your identity.

    All Apple browsers are affected by this flaw which was reported to Apple in >> November and Apple hasn't done anything about it as far as we know.



    First: Your top posting sucks. *You* run the risk to appear in killfiles.

    Second: You do not understand the limitations imposed by Apple on other
    browser developpers.

    --
    De gustibus non est disputandum

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From nospam@21:1/5 to g.kreme@kreme.dont-email.me on Mon Jan 17 06:08:18 2022
    XPost: misc.phone.mobile.iphone

    In article <slrnsua76s.200n.g.kreme@zephyrus.local>, Lewis <g.kreme@kreme.dont-email.me> wrote:

    In message <ss308r$em9$1@dont-email.me> sms <scharf.steven@geemail.com> wrote:
    Remember on iOS Brave Brave, Chrome Chrome, etc.. Apple _requires_
    that all browsers for iOS be based on WebKit, which means that functionality that is present on the same browser on Android or Windows
    or OSx, is not necessarily present on the iOS version.

    Thinks like data harvesting, private certs so they can spy on your
    encrypted communication, super cookies, and ad injection.

    in addition to webkit's better security, there is also javascript
    acceleration.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andy Burnelli@21:1/5 to Joerg Lorenz on Mon Jan 17 18:05:28 2022
    XPost: misc.phone.mobile.iphone

    On Mon, 17 Jan 2022 08:40:21 +0100, Joerg Lorenz wrote:

    switch the product when they have so much to
    complain.

    Hi Joerg,

    What you don't understand is that there are people out there who own a
    product who simply want the company to do a better job of QA testing.

    As you well know, there are _zero_ high tech companies out there that
    have _lower_ R&D development as a function of revenue than Apple and
    even worse - there are plenty of far smaller high tech companies with
    far greater R&D.

    One huge way Apple eliminates R&D costs is that Apple never tests sufficiently and these vast and varied and repeated webkit flaws prove it.

    *WebKit security flaws haunt Apple's iTunes*
    <https://www.zdnet.com/article/webkit-security-flaws-haunt-apples-itunes/>

    *Apple Update Fixes WebKit Flaws in iOS*
    <https://threatpost.com/apple-update-fixes-webkit-flaws-in-ios-safari/154155/>

    *To fix WebKit security flaws, Apple releases updates to iOS, macOS, and watchOS*
    <https://www.bollyinside.com/news/to-fix-webkit-security-flaws-apple-releases-updates-to-ios-macos-and-watchos>

    *No patch in sight for Safari 15 webkit serious security flaw*
    <https://www.techradar.com/news/safari-15-may-have-a-serious-security-flaw-no-patch-in-sight>

    The list goes on forever.
    Just run a search for "webkit security flaw" and you'll be reading for weeks.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Alan B@21:1/5 to NewsKrawler on Sun Jan 23 14:05:53 2022
    XPost: misc.phone.mobile.iphone

    On 17 Jan 2022, NewsKrawler wrote
    (in article <ss2q68$12dj1$1@paganini.bofh.team>):

    https://www.theverge.com/2022/1/16/22886809/safari-15-bug-leak-browsing-histor
    y-personal-information
    Safari 15 bug can leak your browsing activity and personal identifiers

    Apple's application of the IndexedDB API in Safari 15 violates the same-origin policy according to research published today by FingerprintJS.

    When a website interacts with a database in Safari, FingerprintJS says that "a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session."

    This means other websites can see the name of other databases created on other sites, which could contain details specific to your identity.

    All Apple browsers are affected by this flaw which was reported to Apple in November and Apple hasn't done anything about it as far as we know.

    The next releases of macOS 12 and iOS / iPadOS 15 should finally address
    this.

    <https://www.macrumors.com/2022/01/20/safari-data-leak-bug-fix-ios-15-3/>

    --
    Cheers, Alan

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)