macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

by

The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.

safari icon blue banner
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.

The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.

Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and iPadOS 15, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.

FingerprintJS constructed a demo website to let users check to see whether they're impacted, and as 9to5Mac notes, after updating to the new software, the website detects no security holes.

The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and macOS Monterey 12.1, we tested and the demo website was able to detect our Google account. After updating to the macOS Monterey 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.

Apple earlier this week prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the macOS Monterey 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.

Tag: Safari
Related Forums: iOS 15, macOS Monterey

Popular Stories

AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2, AirPods Pro 3, and AirPods 4

Thursday November 13, 2025 11:35 am PST by
Apple today released new firmware designed for the AirPods Pro 3, the AirPods 4, and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B25, while the AirPods Pro 2 and AirPods 4 firmware is 8B21, all up from the prior 8A358 firmware released in October. There's no word on what's include in the updated firmware, but the AirPods Pro 2, AirPods 4 with ANC, and AirPods Pro 3...
Read Full Article68 comments
Tim Cook WWDC 2018

Report: Tim Cook to Step Down as Apple CEO 'as Soon as Next Year'

Saturday November 15, 2025 2:40 pm PST by
Apple is preparing for Tim Cook to step down as CEO of the company "as soon as next year," according to the Financial Times. The company's board of directors and senior executives "recently intensified preparations for Cook to hand over the reins," the report said. While the report said that Apple is unlikely to name a new CEO before its next earnings report in late January, it went on to ...
Read Full Article464 comments
iPhone Pocket Short

iPhone Pocket Now Available to Order, But Already Selling Out

Friday November 14, 2025 6:20 am PST by
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone. iPhone Pocket is available to order on Apple's online store starting today, in the United States, France, China, Italy, Japan, Singapore, South Korea, and the United Kingdom. However, it is already completely sold out in the United...
Read Full Article199 comments
apple silicon mac lineup 2024 feature purple m5

Apple's 2026 Mac Plans

Friday November 14, 2025 3:23 pm PST by
Most of Apple's Macs are slated to get M5 chips across 2026, and there's a possibility we'll even see the first M6 chips toward the end of the year. Updates are planned for everything from the MacBook Air to the Mac Studio. MacBook Air (Early 2026) The MacBook Air will be one of the first Macs to get a 2026 refresh, with an update planned for the first few months of the year. The MacBook...
Read Full Article156 comments
best early black friday deals

Best Black Friday Apple Deals Live Now - Save on AirPods, iPads, and Apple Watches

Saturday November 15, 2025 1:45 pm PST by
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When ...
Read Full Article2 comments
tvOS 26 Profiles

tvOS 26.2 Adds a Useful New Feature to Your Apple TV

Friday November 14, 2025 10:02 am PST by
Starting with the upcoming tvOS 26.2 update, currently in beta, additional profiles created on the Apple TV no longer require their own Apple Account. In the Settings app on the Apple TV, under Profiles and Accounts, anyone can create a new profile by simply entering a name and indicating whether the profile is for a kid. The profile will be associated with the primary user's Apple Account,...
Read Full Article
walmart new ornametns

Walmart Black Friday Deals Begin Today With Low Prices on Headphones, TVs, and More

Friday November 14, 2025 7:55 am PST by
Walmart's Black Friday sale has officially kicked off today, with an online shopping event that's also seeing some matching deals in retail locations. There are quite a few major discounts in this sale, including savings on headphones, TVs, and more. Note: MacRumors is an affiliate partner with Walmart. When you click a link and make a purchase, we may receive a small payment, which helps us...
Read Full Article13 comments
CarPlay Pinned Messages

iOS 26.2 Adds New CarPlay Setting

Thursday November 13, 2025 6:48 am PST by
iOS 26 extended pinned conversations in the Messages app to CarPlay, for quick access to your most frequent chats. However, some drivers may prefer the classic view with a list of individual conversations only, and Apple now lets users choose. Apple released the second beta of iOS 26.2 this week, and it introduces a new CarPlay setting for turning off pinned conversations in the Messages...
Read Full Article24 comments
iOS 26

Everything New in iOS 26.2 Beta 3

Monday November 17, 2025 3:20 pm PST by
Apple provided developers with the third beta of an upcoming iOS 26.2 update, and there are still new features that are being added with each beta that we get. We've rounded up all of the changes that Apple made in beta 3. AirDrop Apple added new AirDrop functionality, providing a way for two people to share files temporarily without having to add one another as contacts. iOS 26.2...
Read Full Article20 comments

Top Rated Comments

Dave-Z Avatar
Dave-Z
50 months ago

As discovered last week ('https://www.macrumors.com/2022/01/16/safari-15-webkit-indexeddb-bug/') by browser fingerprinting service FingerprintJS
It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.


we knew that Apple was working to address the vulnerability in a timely manner
Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
Score: 31 Votes (Like | Disagree)
centauratlas Avatar
centauratlas
50 months ago
"address the vulnerability in a timely manner.".

But is it really timely? Sure, timely since it was made public, but was it timely since they first were informed of it? I'd say no.
Score: 16 Votes (Like | Disagree)
CaTOAGU Avatar
CaTOAGU
50 months ago
It really does feel a bit silly that we’re still having to wait on OS level updates to fix a bug in a web browser.
Score: 15 Votes (Like | Disagree)
IGI2 Avatar
IGI2
50 months ago

It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.



Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
But to be fair, Google Project Zero (and others) has a disclosure policy of 90 days.

We know that this is a privacy breach, but still, modern OSs are fairly complex. Getting to know about it, analysis, fixing it, incorporating in all variants, QA testing, and distributing it to all end users across the globe in one time, whether it's iPhone 6s or iPhone 13 Pro Max is still within reasonable "timely" manner.

We know that they had some public pressure; that's why it's even shorter if we count days since it landed in the news.
Score: 9 Votes (Like | Disagree)
beanbaguk Avatar
beanbaguk
50 months ago
To all those members complaining about the "timely manner" statement. I would say this is very timely and your complaints indicate you have no experience in software development.

I've been in software development for many years (I am a Head of Product at a software technology company), and patching something isn't just a 5-minute job, even if you know what the issue is and how to fix it.

A small change on an API will impact many, many areas of a product and this means thorough testing is required, and diligence of any related libraries and products.

This is hugely time-consuming and since this product impacts so many platforms, it's not just a case of patching and letting it go into the wild. Especially in this instance, a security audit would have to also be conducted to show the result works, and this would have to be verified by multiple organisations.

Then, the patch has to be tested to ensure it deploys safely and correctly over the air. That update process takes time to implement, manage and check. It then needs checking again, more testing and feedback from users (beta), and devs to ensure they are not experiencing any issues. Again, all this takes time.

I hope this provides some perspective as to how and why these fixes take a little time.

It reminds me of the days when I used to build websites for clients. Talking to an individual who has zero ideas as to the complexities of a solid product is the most infuriating and patience-testing experience as a developer.

Anyway. Two months for a fix like this on this scale is perfectly acceptable.
Score: 8 Votes (Like | Disagree)
Macintosh TV Avatar
Macintosh TV
50 months ago
Mozilla has security issues that are more than 2 years old and filed in their system. Chrome has outstanding security issues older than this. Folks need to settle down. This stuff happens. It gets fixed. If you're unhappy with the speed at which a browser or OS patches issues, then it may be time to look elsewhere.
Score: 8 Votes (Like | Disagree)
Read All Comments