Thursday, February 22, 2024

macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

Share

The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.

As discovered last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.

The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.

Browsers that use Apple’s WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and ‌iPadOS 15‌, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.

FingerprintJS constructed a demo website to let users check to see whether they’re impacted, and as 9to5Mac notes, after updating to the new software, the website detects no security holes.

The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and ‌macOS Monterey‌ 12.1, we tested and the demo website was able to detect our Google account. After updating to the ‌macOS Monterey‌ 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.

Apple earlier this week prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability in a timely manner. With the ‌macOS Monterey‌ 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.Related Roundups: iOS 15, iPadOS 15, macOS MontereyTag: SafariRelated Forums: iOS 15, macOS Monterey
This article, “macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity” first appeared on MacRumors.com

Discuss this article in our forums

MacRumors-All?d=6W8y8wAjSf4 MacRumors-All?d=qj6IDK7rITs

Read more

More News