A bug in the Private Browsing feature of Apple's browser Safari allows others to see which URLs have been visited. The Private Browsing feature of Safari should make sure that users can visit websites while no information about those visits is stored by the browser.
However, due to a bug Safari leaves traces that make it possible to see which URLs have been visited. When browsing in Private Browsing mode, Safari saves the favicon and the address of the visited website in a favicon database.
Favicons are normally loaded from the webserver of the visited website but Safari saves the images in a database to use them for other purposes like e.g. favorites and browsing history. Unfortunately Safari also saves the information when browsing in Private Browsing mode. Someone with physical access to the computer can see which websites have been visited in Private Browsing mode, Mac Issues reports.
A reader reported how a 45MB database files contained URLs, even from years ago. The file gave access to a large history or browses websites, including those visited in Private Browsing mode.
Until Apple fixes the issues users are advised to use another browser, or to manually remove the icon database.
