> Apple engineers began working to remediate the IndexDB bug on Sunday, January 16, two days after Fingerprint.js publicly disclosed the issue.
So, not when Apple were notified at the end of November? Oh well, why would they bother?
Apple is preparing to repair a bug in its WebKit browser engine that has been leaking data from its Safari 15 browser at least since the problem was reported last November. Updates made available on Thursday to Apple developers – iOS 15.3 RC and macOS 12.2 RC – reportedly fix the flaw, an improper implementation of IndexedDB …
When I found out that everything was running on Apple WebKit I said to a tech department manager surely that’s quite risky. What if someone discovers a serious CVE and we’re then stuck using it under whatever badge until Apple get off their butts and do something about it. Manager tells me that it isn’t my problem so don’t worry about it.
And how is that different than using Edge or Chrome or Firefox, unless you believe you can go the source and recompile Chromium or Firefox yourself after you've fixed it?
You still have to wait for someone to fix stuff. You think those have never had any bugs laying around for a few months before they got fixed?
No matter what OS you use, what browser you use, you are vulnerable to dozens if not hundreds of severe unfixed bugs. Most of them have never been discovered, but some have are in sitting in the vault at the NSA, GCHQ, FSB, MSS, Mossad, etc. or worse has been sold on the dark web to malware/ransomware authors.
The main difference is the release schedule. Firefox and Chrome have predictable release dates and established procedures for bug fixes. They also have long term releases to make life easier for corporates. Year on and Apple still does not have predictable release dates and a history of bug fixes breaking things. Could the two be connected?
And how is that different than using Edge or Chrome or Firefox, unless you believe you can go the source and recompile Chromium or Firefox yourself after you've fixed it?
You still have to wait for someone to fix stuff. You think those have never had any bugs laying around for a few months before they got fixed?
No matter what OS you use, what browser you use, you are vulnerable to dozens if not hundreds of severe unfixed bugs. Most of them have never been discovered, but some have are in sitting in the vault at the NSA, GCHQ, FSB, MSS, Mossad, etc. or worse has been sold on the dark web to malware/ransomware authors.
Yes bugs exist and will do on all browser engines on most OSes I would expect. The difference on IOS is all the browsers on IOS are forced to use the same WebKit browser engine, that’s whether it’s Safari, Firefox, Opera, Chrome etc.
So that means it makes no difference whatever browser you choose to use on IOS you’re exposed to the same bugs and vulnerabilities. You can’t avoid a serious bug/vulnerability in Safari on IOS by just using Chrome or Firefox instead.
On Android/Mac OS/Windows/Linux there is no restriction and browsers can use any engine, so Gecko, Blink etc.
This post has been deleted by its author