Technology - Google News

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time - MacRumors
Report: iPad Air 5 with 5G, Center Stage camera, and more coming this spring - 9to5Mac
Apple Will Reportedly Be Requiring Covid-19 Boosters for Its Store and Corporate Workers - Gizmodo

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time - MacRumors

Posted: 16 Jan 2022 03:37 PM PST

A bug in WebKit's implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.

In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user's browsing session. The bug could allow one website to track other websites the user visits in different tabs or windows, as the database names are often unique and specific to each website. The correct and normal behavior should be that websites can only access their own IndexedDB databases.

In some cases, websites use unique user-specific identifiers in IndexedDB database names. For example, YouTube creates databases that include a user's authenticated Google User ID in the name, and this identifier can be used with Google APIs to fetch personal information about the user, such as a profile picture, according to FingerprintJS. This personal information could help a malicious actor to determine a user's identity.

The bug affects newer versions of browsers using Apple's open source browser engine WebKit, including Safari 15 for Mac and Safari on all versions of iOS 15 and iPadOS 15. The bug also affects third-party browsers like Chrome on iOS 15 and iPadOS 15, as Apple requires all browsers to use WebKit on the iPhone and iPad. FingerprintJS has a live demo of the bug that indicates older browsers like Safari 14 for Mac are unaffected.

[embedded content]

FingerprintJS noted that no user action is required for a website to access IndexedDB database names generated by other websites.

"A tab or window that runs in the background and continually queries the IndexedDB API for available databases can learn what other websites a user visits in real-time," the blog post said. "Alternatively, websites can open any website in an iframe or popup window in order to trigger an IndexedDB-based leak for that specific site."

Private browsing mode does not protect against the bug in affected Safari versions.

Users will need to wait for Apple to address the bug with software updates — we've reached out to Apple to see if a fix is planned. In the meantime, Safari 15 users could temporary switch to a different browser on the Mac, but this is not possible on the iPhone or iPad since all browsers are affected by the WebKit bug on those devices.

The bug was reported to the WebKit Bug Tracker on November 28. More details can be found in FingerprintJS's blog post, reported earlier by 9to5Mac.

Adblock test (Why?)

Report: iPad Air 5 with 5G, Center Stage camera, and more coming this spring - 9to5Mac

Posted: 15 Jan 2022 07:06 PM PST

It's been over a year since Apple unveiled the completely redesigned iPad Air, but a supply chain report today indicates that a new model is on the horizon. Citing "reliable sources in China," the blog Macotakara reports today that Apple could announce the fifth generation iPad alongside the iPhone SE 3 this spring.

As we noted in our full roundup on the iPad Air 5 earlier this month, there are still some unknowns about what to expect. Today's supply chain report from Macotakara, however, does offer a few additional tidbits on the changes potentially in store for this year.

According to today's report, the iPad Air 5 will feature "specifications similar to the iPad mini (6th generation). This would reportedly include an A15 Bionic chip on the inside, an upgraded 12MP ultra-wide front-facing camera (with Center Stage support), and 5G connectivity. The rear-facing camera is reportedly likely to stay the same with a single-lens design.

As for a release date, today's report simply says that the iPad Air 5 will be announced alongside the iPhone SE 3 sometime in the spring. Bloomberg's Mark Gurman reported last weekend that Apple is currently aiming to hold a virtual event in March or April to announce the iPhone SE 3. Macotakara seemingly also believes that the iPad Air 5 is set for this event as well.

9to5Mac's Take

The changes mentioned in today's report will make for a nice update for the iPad Air 5 compared to the fourth-generation model. What remains unclear is whether Apple has any other changes in store for the iPad Air lineup.

One of the biggest limitations of the existing iPad Air is that the $599 base configuration includes a measly 64GB of storage. Ideally, Apple will bump this to 128GB this year while retaining the same entry-level price point.

What do you want to see in the iPad Air 5? Let us know down in the comments!

Check out 9to5Mac on YouTube for more Apple news:

Adblock test (Why?)

Apple Will Reportedly Be Requiring Covid-19 Boosters for Its Store and Corporate Workers - Gizmodo

Posted: 16 Jan 2022 02:29 PM PST

A health worker prepares to administer a dose of Moderna Covid-19 vaccine at the Bang Sue Grand Station, Bangkok.

Apple now considers covid-19 booster shots to be an important element in protecting its workers and will be purportedly requiring employees to show proof that they've gotten the additional dose to access its premises, according to an internal email seen by the Verge.

On Saturday, the Verge reported that Apple would be requiring its retail and corporate employees to get a covid-19 booster shot once they are eligible for one. According to the Centers for Disease Control and Prevention, individuals who received Pfizer-BioNTech and Moderna vaccines can get a booster five months after their first two shots. Those who receive the one-dose Johnson & Johnson shot are eligible to get boosted two months after vaccination.

As told by the Verge, Apple workers will have four weeks to comply with the company's booster requirement once they become eligible. If employees don't get a booster within that time frame, they will be required to take frequent covid-19 tests to enter an Apple Store, partner store, or Apple office beginning on Feb. 15.

"Due to waning efficacy of the primary series of COVID-19 vaccines and the emergence of highly transmissible variants such as Omicron, a booster shot is now part of staying up to date with your COVID-19 vaccination to protect against severe disease," Apple stated in the internal email, according to the Verge.

The memo also contained information for unvaccinated employees, which will be required to provide a negative covid-19 rapid antigen test before entering the workplace beginning on Jan. 24. Workers who have not provided proof of vaccination will also have to abide by this testing policy.

Gizmodo reached out to Apple on Sunday to confirm the Verge's report, but we didn't hear back by the time of publication. We'll update this article if someone from the company gets back to us.

If the internal email is accurate, Apple would join Meta, owner of Facebook, WhatsApp, and Instagram, in requiring covid-19 booster shots for its employees. On Monday, Meta said that employees who are eligible to receive booster shots would need to provide proof of vaccination beginning on March 28 to enter its offices.

"Boosters provide increased protection," a Meta spokesman told the Wall Street Journal. "Given the evidence of booster effectiveness, we are expanding our vaccination requirement to include boosters."

Google hasn't disclosed whether it will require its employees to get covid-19 booster shots but did say on Thursday it would require employees and contractors to have a negative covid-19 molecular test—which are generally more accurate and detect the presence of the coronavirus' genetic material—such as a PCR test to access its offices or facilities. We reached out to Google to ask whether it would be requiring covid-19 booster shots for its employees on Sunday but haven't heard back yet.

Amazon, meanwhile, purportedly isn't using mandates to get people to get boosted, it's using what it knows best: money. This past Thursday, the Information reported that Amazon was paying its hourly workers, including its 750,000 U.S. warehouse workers, $40 and offering them an extra (unpaid) day off to get a booster shot.

Gizmodo reached out to Amazon on Sunday to confirm whether this was indeed the case and ask if it planned to require boosters for all employees. We'll update this article if someone from Amazon gets back to us.

Adblock test (Why?)