Bug 262699 (CVE-2024-23206)

Summary: Persistent Tracking via fingerprint.com
Product: WebKit Reporter: Bug <bug.reporter.321>
Component: CanvasAssignee: Matthew Finkel <m_finkel>
Status: RESOLVED FIXED    
Severity: Major CC: aperez, dino, mcatanzaro, m_finkel, webkit-bug-importer, wenson_hsieh, wilander
Priority: P2 Keywords: InRadar
Version: Safari 17   
Hardware: Unspecified   
OS: iOS 17   

Bug
Reported 2023-10-05 07:28:54 PDT
Dear all, I noticed that upon reset of ios device, the fingerprint on fingerprint.com will change but is stable afterwards, despite private mode and all protection active. The change-on-reset event does not seem to make sense to me, unless fingerprint.com is able to escape from safari to read some (network?) property which changes orngets deleted on device reset, bit not in private mode. It might be dropping an undeletable cookie somewhere or read some property it is not supposed to. Where to discuss problems of this kind? Thanks
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-10-05 15:18:15 PDT
<rdar://problem/116545792>
Matthew Finkel
Comment 2 2023-12-16 21:49:10 PST
Pull request: https://github.com/apple/WebKit/pull/977
EWS
Comment 3 2023-12-18 06:49:42 PST
Committed 267815.640@safari-7617-branch (36d57dc0f23f): <https://commits.webkit.org/267815.640@safari-7617-branch> Reviewed commits have been landed. Closing PR #977 and removing active labels.
Bug
Comment 4 2023-12-19 07:00:37 PST
Hello thanks for the quick reaction. Matthew could you contact me on my email to have little discussion how to proceed. There might be more to do, and the analysis of this stuff is exhausting for me. Thanks
Michael Catanzaro
Comment 5 2024-10-17 13:56:25 PDT
Fixed by https://commits.webkit.org/273484@main
Note You need to log in before you can comment on or make changes to this bug.