A nasty bug in Safari has been discovered, and Apple has made available an update to macOS Monterey and iOS that should solve the critical flaw.
The releases are macOS Monterey 12.2 and iOS 15.3, both of which patch the vulnerability, which may have been exposing your browsing data. The release candidates are both currently available through GitHub, with official releases expected next week.
As originally reported by MacRumors, the issue revolves around WebKit and its implementation of the IndexedDB JavaScript API. Any websites using this API can see the names of other IndexedDB databases and any associated data.
Put simply, certain websites can see when you put personal info into other websites in the same browsing session. This problem is unique to Safari on Macs, iPads, and iPhones. Mobile versions of third-party browsers like Chrome are also affected because they rely on Apple’s WebKit.
WebKit is an open-source browser engine developed by Apple. All mobile browsers on iOS run on WebKit, but it is also used on devices such as Sony PlayStation consoles and Amazon Kindle e-readers. None of those devices, however, are affected by the bug.
The bug was discovered by a browser fingerprinting service called FingerprintJS. In response, they developed a website designed to show you user details about your Google account. The goal is to show whether your device is exposed.
According to MacRumors, “After updating to the macOS Monterey 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.”
That shows the fix is working as intended. You can download the release candidate on GitHub, but there could potentially be other bugs. If you would rather wait, just make sure to update your device as soon as the update becomes available.
Apple responded rather quickly to the news of the bug. MacRumors first reported it on Sunday, January 16, and Apple had a fix available a few days later. Hopefully, the release candidates work well, and we will see an update available soon.