This bug was discovered late last week, incidentally it was the main subject of a blog post published by the FingerprintJS browser fingerprinting service. According to the first information we have about it, it allows, as explained above, websites using the API to have access to the entire IndexedDB database of a user, and not only the part regarding.
A bug that affects Safari, but not only
According to the first diagnostics, this bug should only affect the most recent versions of iOS and iPadOS, as well as the Safari 15 version available on Mac. More problematic still, the bug could even affect users browsing third-party apps like Chrome on iOS 15 or iPadOS 15.
Apple was contacted to find out if the Cupertino company had planned to correct this major security problem. If, as usual, the Apple brand has not made any communication on this subject, it is very likely that the API developers who work for Apple are already on the warpath, determined to solve this bug ASAP.
As a reminder, Apple made confidentiality its main concern last year, in particular with the App Transparency Act and other measures taken by the firm to reduce tracking on the Internet. A bug of such magnitude affecting this part of Apple is therefore a serious setback for Apple, which must correct it as soon as possible.