Apple patches Safari bug that leaked user data

New versions of Monterey and iOS are out now


Apple has pushed iOS 15.3 RC and macOS Monterey 12.2 RC to developers and beta users as part of a plan to fix a Safari flaw that leaked browsing history and some Google data.

This follows recent news that cybersecurity researchers from FingerprintJS had found a problem in an Apple API - IndexedDB, used to store data in the browser.

Safari 15 has a security measure that prevents malicious pages opened in one tab from reading the data generated by websites opened in another tab. The researchers found that the API doesn’t follow this policy, and instead creates a new database with the same name in all other active frames, tabs, and windows within the same browser session.

No wider release just yet

Describing the potential ways to leverage the flaw, researchers explained that a malicious page opened in one tab could obtain data generated by the page in another. Furthermore, the flaw can be leveraged to obtain Google account data.

Google’s services (for example, YouTube) generate databases containing the unique Google User ID in their names. As these IDs are used to access public information, such as a profile picture, other sites could see it as well.
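The behaviour described above can be modelled in a few lines of JavaScript. This is an added example, not code from FingerprintJS, Apple or the article's sources; the origins, the user ID and the database name format are constructed, and the model only mirrors the description given here.

```javascript
// Toy model of a browser session (constructed; not Safari's or WebKit's code).
// Each active origin owns a set of IndexedDB database names.
class Session {
  constructor(sameOriginEnforced) {
    this.sameOriginEnforced = sameOriginEnforced;
    this.stores = new Map(); // origin -> Set of database names
  }
  // Register an active tab or frame for an origin.
  openTab(origin) {
    if (!this.stores.has(origin)) this.stores.set(origin, new Set());
  }
  // A page on `origin` opens (creates) a database called `name`.
  openDatabase(origin, name) {
    this.openTab(origin);
    for (const [other, names] of this.stores) {
      // Flawed behaviour as described: the name is duplicated into every
      // other active context. Correct behaviour: only the owner gets it.
      if (other === origin || !this.sameOriginEnforced) names.add(name);
    }
  }
  // What a page on `origin` sees when it lists its own databases.
  listDatabases(origin) {
    return [...(this.stores.get(origin) || [])].sort();
  }
}

// Defender-side check: a database name that embeds a per-user identifier
// turns any disclosure of the name into a disclosure of identity.
function namesEmbeddingId(names, userId) {
  return names.filter((n) => n.includes(userId));
}

// Constructed sample: hypothetical origins, ID and database name format.
function demo(sameOriginEnforced) {
  const s = new Session(sameOriginEnforced);
  s.openTab("https://video.example");
  s.openTab("https://other.example");
  s.openDatabase("https://video.example", "cache:1234567890");
  s.openDatabase("https://other.example", "prefs");
  return s.listDatabases("https://other.example");
}

console.log("flawed :", demo(false));
console.log("patched:", demo(true));
```

Sites can run a check like `namesEmbeddingId` over their own database names to confirm that no account identifier appears in a name, which limits what any future name disclosure would reveal.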

FingerprintJS has even created a dedicated website to demonstrate the bug in the wild. Now, as reported by 9to5Mac, testing for the flaw on devices updated to iOS 15.3 RC and macOS 12.2 RC has shown that the website no longer sees any data, and shows a user not being logged into their Google account.

The researchers claimed that the flaw affected all iOS 15 and macOS Monterey versions, until this newest one. iOS 14, however, was not affected, nor were those still using Safari 14 on older versions of the Mac.

Apple is yet to set an official release date for these new versions of the operating system, but given that the Release Candidate version has already been shipped, it’s safe to assume that it won’t take too long.

Via: 9to5Mac

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.