Data leaks are common for browser-based applications that store large amounts of data within the user’s environment. In 2020, Apple released a Safari update to address the IndexedDB data leak, which raises an important question: what is the nature of this fix?
This article will explain what the Apple Safari IndexedDB data leak entails and how the fix released by Apple addresses this vulnerability. This article will also provide other recommendations on taking precautions against potential future breaches and data loss.
First, we’ll discuss the circumstances that caused this vulnerability. We’ll then discuss Apple’s solution to address it and other measures that users can take to better protect themselves from future security vulnerabilities.
What is IndexedDB?
IndexedDB is a web standard that allows websites to store and access data. It is a powerful way to store data and is quite useful for web development, but it can also be a privacy risk. Apple recently released iOS 15.3 and macOS 12.2 Release Candidates, which patch a data leak issue in Safari’s IndexedDB feature. So let’s take a look at what IndexedDB is and how Apple’s fix works.
How IndexedDB works
IndexedDB is an API in browsers that lets web applications store data locally. It is a client-side database, meaning all data and operations stay local to the user’s device. While other local storage solutions such as LocalStorage and WebSQL provide basic support for different types of data, IndexedDB offers robust support and functionality for large, structured datasets.
IndexedDB creates a database containing stores of objects that are directly linked to an index. This allows the store to quickly query a subset of records by their respective attributes, making it ideal for querying large datasets as it can quickly narrow down results with just a few simple queries. IndexedDB also supports transactions, ensuring data integrity when multiple processes access the same store.
In terms of implementation, IndexedDB works best when used with a library such as React Native’s AsyncStorage library or Mongo-JS (a MongoDB client-side JavaScript library) to map structured data from server to client or vice versa. Thus, IndexedDB applications have powerful control over their stored application data on each user device, with much less effort than external databases like Google Cloud Firestore or conventional relational databases like MySQL or Oracle Database.
What is the data leak?
IndexedDB is a web storage technology which stores data and related metadata in a persistent memory, much like a traditional database or spreadsheet. The data stored by IndexedDB is accessed by an index, similar to an SQL query and can be searched over indexed properties.
Apple developed IndexedDB to store large amounts of data across multiple devices and platforms with better security than cookies, which were susceptible to cross-site request forgery (CSRF) attacks.
The problem with storing such large amounts of data in browsers came to light when hackers discovered a way to bypass the security measures within Safari browsers. Essentially, attackers could use manipulation techniques to access sensitive customer information stored by Safari webpages using what was known as “the Safari IndexedDB Data Leak”.
Apple reacted quickly and released a Safari update designed to close the security loophole and prevent further threats from accessing personal customer data stored in this way.
The update included numerous changes aimed at addressing the potential for attacks enabled by the Data Leak, including changes to how certain files containing sensitive content were treated in certain situations and how certain operations could be performed within the IndexedDB architecture. Curbing these vulnerabilities will help ensure customers’ private information is secured when taking advantage of IndexedDB’s capabilities on their macOS or iOS devices running Safari.
Apple fixes Safari IndexedDB data leak in iOS 15.3 and macOS 12.2 Release Candidates
Apple recently released iOS 15.3 and macOS 12.2 Release Candidates, fixing the Safari IndexedDB data leak. This new update aims to shore up security and privacy on iOS devices and Macs by addressing the underlying issue that caused the leaked data. Here, we will explore the details of Apple’s fix and what it entails.
What Apple has done
Apple has recognized the potential security risk posed by the Safari IndexedDB data leak. As such, it has released a set of updates to address the privacy loophole.
Firstly, Apple has rolled out an update that will inform users when websites try to access their personal information. This update is available for Mac OS Lion v10.7.4 and up and iOS 5.0 and later versions for smartphone users. By providing this information, users can take appropriate action – such as changing the intended website’s permission settings or opting not to permit at all – that can keep their private data secure.
Moreover, Apple is bringing some changes within Safari’s JavaScript render engine by replacing “indexedDB” with a new browser storage system called AppCache. This new addition prevents websites from storing data on viewers’ devices without their consent and limits third-party organisations’ ability to access it without their approval.
Finally, Apple recommends that users regularly clear out their stored browser data through its ‘Clear History & Website Data’ feature or a privacy-focused third-party cleaning tool designed specifically for this task, such as CleanMyMac X or Conexis Mobile Phone Cleaner, available at the App Store.
Overall, these specific solutions implemented by Apple help promote safer browsing experiences by safeguarding end-users’ privacy in terms of how their personal information is securely handled on digital platforms and devices connected to them moving forward.
What this means for users
This Safari IndexedDB data leak saga reminds Apple users to think carefully before opting into any new features. Monitoring your data usage and managing your privacy settings can go a long way to ensure that the applications and services you use safeguard your important personal information.
For Apple specifically, this fix means deleting all IndexedDB WKWebsiteDataRecords from Safari databases created by third-party websites. Though these records have previously been present in Safari 12.1 and all variants of iOS 12.2 or earlier, with the addition of iOS 12.3, the issue should be resolved for now; however, it is possible for indexing and searching of websites with WebKit to resume should Apple enable it again in an upcoming software release. To ensure that such an incident does not repeat itself, users are advised to regularly check their version of Safari and keep up-to-date with any subsequent security patches released at regular intervals by Apple.
It is also important for developers of web applications that use IndexedDB API methods to periodically review how their websites utilise this technology and consider whether their implementation needs to be revised as Safari updates arise or when feature roadmaps change over time. In addition, if similar security leaks are identified in future, Apple may need the help of these developers to fully resolve them.
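For the developer review described above, here is an added example (not from Apple or the original article) that lists the IndexedDB databases the current origin has created, using `indexedDB.databases()`, and flags names that embed user identifiers. The heuristics, the function names `auditDatabaseNames` and `auditThisOrigin`, and the sample names are assumptions constructed for illustration, on the premise that database names should not carry user-specific values.

```javascript
// Added example: heuristics and sample names are constructed for illustration.
// Assumption: database names are metadata that should never carry user identifiers.
const CHECKS = [
  { reason: "email address", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/ },
  { reason: "UUID",
    re: /[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}/i },
  { reason: "long numeric id", re: /(?<!\d)\d{6,}(?!\d)/ },
  { reason: "long hex token", re: /(?<![0-9a-f])[0-9a-f]{16,}(?![0-9a-f])/i },
];

// Pure check: returns one finding per name that matches any heuristic.
function auditDatabaseNames(names) {
  const findings = [];
  for (const name of names) {
    const reasons = CHECKS.filter((c) => c.re.test(name)).map((c) => c.reason);
    if (reasons.length > 0) findings.push({ name, reasons });
  }
  return findings;
}

// Browser entry point: audits databases created by the current origin.
// Resolves to null where IDBFactory.databases() is unavailable.
async function auditThisOrigin(factory = globalThis.indexedDB) {
  if (!factory || typeof factory.databases !== "function") return null;
  const dbs = await factory.databases();
  return auditDatabaseNames(dbs.map((db) => db.name));
}

// Constructed sample names, standing in for what databases() might return.
const SAMPLE_NAMES = [
  "app-cache-v2",
  "offline.alice@example.com",
  "inbox_104857600231",
  "session-3f9a1c0e7b2d4a6f8c1e",
  "user-9b2c4d6e-1a2b-4c3d-8e4f-5a6b7c8d9e0f",
];

for (const f of auditDatabaseNames(SAMPLE_NAMES)) {
  console.log(`${f.name}: ${f.reasons.join(", ")}`);
}
```

In a browser, calling `await auditThisOrigin()` from a page on the site under review reports on that origin's own databases.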