HACKINTOSH.ORG | Macintosh discussion forums

macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

The macOS Monterey 12.2 (https://www.macrumors.com/2022/01/20/apple-macos-monterey-12-2-rc/) and iOS 15.3 (https://www.macrumors.com/2022/01/20/apple-seeds-ios-15-3-rc/) release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.





(https://images.macrumors.com/article-new/2022/01/safari-icon-blue-banner.jpeg)


As shared last week (https://www.macrumors.com/2022/01/16/safari-15-webkit-indexeddb-bug/) by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.





The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.





Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 (https://www.macrumors.com/roundup/ios-15/) and iPadOS 15 (https://www.macrumors.com/roundup/ipados-15/). Some third-party browsers like Chrome are also affected on iOS and ‌iPadOS 15‌, but the macOS Monterey (https://www.macrumors.com/roundup/macos-12/) 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.





FingerprintJS constructed a demo website (https://safarileaks.com/) to let users check to see whether they're impacted, and as 9to5Mac (https://9to5mac.com/2022/01/20/ios-15-3-rc-fixes-safari-bug-that-gives-websites-access-to-browsing-history-and-google-id-data/) notes, after updating to the new software, the website detects no security holes.





The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and ‌macOS Monterey‌ 12.1, we tested and the demo website (https://safarileaks.com/) was able to detect our Google account. After updating to the ‌macOS Monterey‌ 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.





Apple earlier this week prepared a fix (https://www.macrumors.com/2022/01/18/apple-prepares-fix-for-safari-indexeddb-bug/) for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the &zwnj;macOS Monterey&zwnj; 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.<div class="linkback">Related Roundups: iOS 15 (https://www.macrumors.com/roundup/ios-15/), iPadOS 15 (https://www.macrumors.com/roundup/ipados-15/), macOS Monterey (https://www.macrumors.com/roundup/macos-12/)</div><div class="linkback">Tag: Safari (https://www.macrumors.com/guide/safari/)</div><div class="linkback">Related Forums: iOS 15 (https://forums.macrumors.com/forums/ios-15.233), macOS Monterey (https://forums.macrumors.com/forums/macos-monterey.234)</div>
This article, &quot;macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity (https://www.macrumors.com/2022/01/20/safari-data-leak-bug-fix-ios-15-3/)&quot; first appeared on MacRumors.com (https://www.macrumors.com)

Discuss this article (https://forums.macrumors.com/threads/macos-monterey-12-2-and-ios-15-3-release-candidates-fix-safari-bug-that-leaks-browsing-activity.2331957/) in our forums

<div class="feedflare">
<img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=EAw9iaB5pA8:N4kDbxTpOZI:yIl2AUoC8zA) <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=EAw9iaB5pA8:N4kDbxTpOZI:6W8y8wAjSf4) <img src="http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img> (http://feeds.macrumors.com/~ff/MacRumors-Front?a=EAw9iaB5pA8:N4kDbxTpOZI:qj6IDK7rITs)
</div>

Source: macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity (https://www.macrumors.com/2022/01/20/safari-data-leak-bug-fix-ios-15-3/)