iPhone Bug That Leaks Browsing Data Fixed; But Apple Users Have to Wait

iPhone Bug That Leaks Browsing Data Fixed; But Apple Users Have to Wait
Earlier this month, researchers revealed an iPhone bug on devices running with iOS 15. Hackers used this iPhone Safari bug to spy on a victim's browser history and steal their Google ID. Fortunately, Apple fixed this issue in the iOS 15.3 RC. Photo : Justin Sullivan/Getty Images

Earlier this month, researchers revealed an iPhone bug on devices running with iOS 15. Hackers used this iPhone Safari bug to spy on a victim's browser history and steal their Google ID. Fortunately, Apple fixed this issue in the iOS 15.3 RC.

Although iPhone malware is rare, there are codes capable of prying open Apple security. One of these is a bug found in IndexedDB.

What Is iPhone Safari Bug: Apple Exploit

Researchers from FingerprintJS first discovered this exploit. They even developed a demo website to show Apple users how the bug works.

When active, the bug violates the "same-origin" policy and cross reads codes from third-party browsers. This strategy will reveal a victim's web history. On a scarier note, the bug could also read details about a victim's Google account. If a victim signs in with their Google account, their unique Google ID will be visible on the bug.

FingerprintJS shared a YouTube video explaining this exploit.

iPhone Malware: Bug Fix Resolved

As noted in an earlier reports, FingerprintJS researchers said that they notified Apple about the issue last year. Since the bug is on the backend of the browser, there isn't anything end users can do to protect themselves.

It took a few months, but Apple finally came through with a fix. According to 9to5Mac, the issue is finally resolved in iOS 15.3, but there is a catch.

Read Also: Red Cross Cyberattack Compromises Data of Over 500k 'Highly Vulnerable' Individuals; Organizations Begs Not to Leak Them

How to Fix iPhone Bug

9to5Mac experts tested the iOS 15.3 against the demo website, and the results showed that "the user is not logged into a Google Account." The results imply that the bug has been fixed, and a few encryption codes have been added for account security.

Note, however, that Apple only rolled out iOS 15.3 release candidate (RC) builds for testing. This means only developers and beta testers have the privilege of getting their bugs fixed. At the time of writing, the update is yet to be available to the general public.

For now, Apple users are recommended to wait for the update, which might drop any time in the coming days. They are also advised to immediately download the update when it is available to maximize their account privacy and security.

SysJoker Malware on Apple Macs

On a different topic, Apple users should also watch out for the newly discovered SysJoker malware. This is a multi-platform threat that attacks the victim's operating system.

SysJoker is one of the few malware that can infect Apple devices. It uses a universal binary with arm64 builds, making it compatible with any Apple silicone Mac. Be warned that SysJoker is difficult to detect and remove once it is installed. Apple users are recommended to install security tools to address this threat.

Cybersecurity researcher Wardle suggested three open-sourced apps that can help Apple users. Full details for these tools are available in this article.

Related Article: Cryptocurrency Price Boom 2022: Crypto Billionaire Names 2 Ethereum Killers to Invest In

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

Company from iTechPost

More from iTechPost