Ihacker ifumene umngxuma onzima wokhuseleko kuwo safari, Isikhangeli semveli se-Apple, apho ezinye iinkcukacha zabucala zeakhawunti yakho kaGoogle zinokuvuzwa, kubandakanya nembali yokukhangela yamva nje.
Lo msebenzisi sele ekhona yazisa inkampani, ke sinethemba lokuba uhlaziyo lwesikhangeli sexesha elizayo luza kusombulula ingxaki yokhuseleko echongiweyo kungekudala. Siza kube siyibukele.
Kwaqhekeza umnxeba Ushicilelo lweminweJS upapashe kwiifayile zakhe blog ubhaqo okuphazamisayo noko. Umngxuma wokhuseleko kwi-browser ye-Apple Safari, apho ulwazi olubalulekileyo lomsebenzisi lunokuthi "luthutywe" ngaphandle kweMac.
Oku kusilela kubandakanya impazamo ekuphunyezweni kwe IsalathisoDB ye Safari kwi Mac kunye iOS. Oko kuthetha ukuba iwebhusayithi inokubona amagama edatha kuyo nayiphi na isizinda, hayi eyakhe kuphela. Amagama esiseko sedatha angasetyenziselwa ukukhupha ulwazi oluchongayo kwitafile yokujonga. Apha ungabona ukuba isebenza njani le bug yokhuseleko.
Iinkonzo ze Uphando bagcina umzekelo we-IndexedDB kwiakhawunti yakho nganye, kunye negama lesiseko sedatha elihambelana ne-ID yakho yomsebenzisi kaGoogle. Ke usebenzisa i-exploit echazwe kwiposti yebhlog, iwebhusayithi ekhohlakeleyo inokufumana i-ID yakho yomsebenzisi kaGoogle emva koko isebenzise isazisi ukufumana olunye ulwazi lobuqu, kuba i-ID isetyenziselwa ukwenza izicelo ze-API kwiinkonzo zikaGoogle.
Ithumela iimpumlo ukuba kunye nezinye iiphequluli, ezifana chrome, oku akwenzeki, kwaye iwebhusayithi inokubona kuphela i-database eyenzelwe umsebenzisi we-Google wesizinda sayo, kwaye kungekhona enye enye. Ngethemba ukuba iApple iza kuyilungisa kungekudala.
I-Apple ayikayilungisi okwangoku.
I-FingerprintJS ithi sele iyazisile i-Apple malunga nesiphene sokhuseleko kwixesha elidlulileyo 28 ngoNovemba. Iyamangalisa into yokuba ukuza kuthi ga namhlanje ayikalungiswa ngohlaziyo olutsha lweSafari. Kodwa siqinisekile ukuba iza kwenzeka kungekudala.
