macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing ActivityThe
macOS Monterey 12.2 and
iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As
shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.
The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.
Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for
iOS 15 and
iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and ‌iPadOS 15‌, but the
macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.
FingerprintJS
constructed a demo website to let users check to see whether they're impacted, and as
9to5Mac notes, after updating to the new software, the website detects no security holes.
The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and ‌macOS Monterey‌ 12.1, we tested and
the demo website was able to detect our Google account. After updating to the ‌macOS Monterey‌ 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.
Apple earlier this week
prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the ‌macOS Monterey‌ 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.<div class="linkback">Related Roundups:
iOS 15,
iPadOS 15,
macOS Monterey</div><div class="linkback">Tag:
Safari</div><div class="linkback">Related Forums:
iOS 15,
macOS Monterey</div>
This article, "
macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity" first appeared on
MacRumors.comDiscuss this article in our forums
<div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div>
Source:
macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity