Bug in Safari’s Private Browsing feature reveals browsing history

Status
Not open for further replies.
Petrovic

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,355
Content source
http://www.myce.com/news/bug-in-safaris-private-browsing-feature-reveals-browsing-history-75419/
A bug in the Private Browsing feature of Apple’s browser Safari allows others to see which URLs have been visited. The Private Browsing feature of Safari should make sure that users can visit websites while no information about those visits is stored by the browser.

However, due to a bug Safari leaves traces that make it possible to see which URLs have been visited. When browsing in Private Browsing mode, Safari saves the favicon and the address of the visited website in a favicon database.

Favicons are normally loaded from the webserver of the visited website but Safari saves the images in a database to use them for other purposes like e.g. favorites and browsing history. Unfortunately Safari also saves the information when browsing in Private Browsing mode. Someone with physical access to the computer can see which websites have been visited in Private Browsing mode, Mac Issues reports.

Full Article
 
  • Like
Reactions: Ink
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
MacIssues: http://www.macissues.com/2015/03/17/safari-bug-saves-web-page-urls-in-private-mode/

While this is normal behaviour and is not at all a security risk, it may be considered a privacy issue as pages you might not want a trace of on your system will be logged to this database, which is a simply SQLite database commonly used in OS X, and which can be opened with a number of SQLite readers (including the built-in “sqlite3″ Terminal utility). Since the database is not encrypted, if your Mac is not using FileVault, then someone can technically access the file and even open it in a text editor to see the visited URLs.
QxBNI4n.png

Safari’s Webpageicon.db file can be opened in any SQLite database reader, where a list of all visited sites can be seen.

If you're concerned, there are 3 options:
  1. Use another browser (Chrome, Firefox etc.)
  2. Use a private and encrypted system
  3. Manually delete the icon database
Details: http://www.macissues.com/2015/03/17/safari-bug-saves-web-page-urls-in-private-mode/
 
  • Like
Reactions: Petrovic
cruelsister

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,147
The stock broker that I use about 2 months ago posted a warning that clients accessing their site should NEVER (their caps, not mine) use Safari.
 
Status
Not open for further replies.

Similar threads

CyberTech
    • Like
New Update Firefox is getting a button to Reset Private Browsing Sessions
Replies
1
Views
560
Firefox
Ink
Ink
Ink
    • Like
    • +Reputation
    • Thanks
Google is persistently pushing Enhanced Safe Browsing to users; and Should You Enable It?
Replies
10
Views
2,112
News Archive
Sandbox Breaker
Sandbox Breaker
silversurfer
    • Like
    • +Reputation
New Update Vivaldi on Android gets Full History Sync and Search Engine setting for Private Tabs
Replies
6
Views
678
Vivaldi
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top