macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

by

The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.

safari icon blue banner
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.

The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.

Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and iPadOS 15, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.

FingerprintJS constructed a demo website to let users check to see whether they're impacted, and as 9to5Mac notes, after updating to the new software, the website detects no security holes.

The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and macOS Monterey 12.1, we tested and the demo website was able to detect our Google account. After updating to the macOS Monterey 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.

Apple earlier this week prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the macOS Monterey 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.

Tag: Safari
Related Forums: iOS 15, macOS Monterey

Popular Stories

iphone air thickness

Apple Said to Cut iPhone Air Production Amid Underwhelming Sales

Friday October 17, 2025 8:29 am PDT by
Apple plans to cut production of the iPhone Air amid underwhelming sales performance, Japan's Mizuho Securities believes (via The Elec). The Japanese investment banking and securities firm claims that the iPhone 17 Pro and iPhone 17 Pro Max are seeing higher sales than their predecessors during the same period last year, while the standard iPhone 17 is a major success, performing...
Read Full Article475 comments
HomePod mini and Apple TV

Apple's Next Rumored Products: New HomePod Mini, Apple TV, and More

Thursday October 16, 2025 9:13 am PDT by
Apple on Wednesday updated the 14-inch MacBook Pro, iPad Pro, and Vision Pro with its next-generation M5 chip, but previous rumors have indicated that the company still plans to announce at least a few additional products before the end of the year. The following Apple products have at one point been rumored to be updated in 2025, although it is unclear if the timeframe for any of them has...
Read Full Article88 comments
maxresdefault

Here's Everything Apple Announced Today

Wednesday October 15, 2025 3:54 pm PDT by
We didn't get a second fall event this year, but Apple did unveil updated products with a series of press releases that went out today. The M5 chip made an appearance in new MacBook Pro, Vision Pro, and iPad Pro models. Subscribe to the MacRumors YouTube channel for more videos. We've rounded up our coverage and highlighted the main feature changes for each device below. MacBook Pro M5...
Read Full Article85 comments
14 inch MacBook Pro Keyboard

New 14-Inch MacBook Pro Has Two Key Upgrades Beyond the M5 Chip

Thursday October 16, 2025 8:31 am PDT by
Apple on Wednesday updated the 14-inch MacBook Pro base model with an M5 chip, and there are two key storage-related upgrades beyond that chip bump. First, Apple says the new 14-inch MacBook Pro offers up to 2× faster SSD performance than the equivalent previous-generation model, so read and write speeds should get a significant boost. Apple says it is using "the latest storage technology," ...
Read Full Article64 comments
iOS 26

iOS 26.0.2 Update for iPhones Coming Soon

Friday October 17, 2025 7:35 am PDT by
Apple's software engineers continue to internally test iOS 26.0.2, according to MacRumors logs, which have been a reliable indicator of upcoming iOS versions. iOS 26.0.2 will be a minor update that addresses bugs and/or security vulnerabilities, but we do not know any specific details yet. The update will likely be released by the end of next week. Last month, Apple released iOS 26.0.1,...
Read Full Article46 comments
iOS 26 Feature

iOS 26.1 to iOS 26.4 Will Add These New Features to Your iPhone

Saturday October 18, 2025 11:00 am PDT by
iOS 26 was released last month, but the software train never stops, and iOS 26.1 beta testing is already underway. So far, iOS 26.1 makes both Apple Intelligence and Live Translation on compatible AirPods available in additional languages, and it includes some other minor changes across the Apple Music, Calendar, Photos, Clock, and Safari apps. More features and changes will follow in future ...
Read Full Article70 comments
Apple iPad Pro hero M5

Apple Debuts New iPad Pro With M5 Chip, Faster Charging, and More

Wednesday October 15, 2025 6:16 am PDT by
Apple today announced the next-generation iPad Pro, featuring the custom-designed M5, C1X, and N1 chips. The M5 chip has up to a 10-core CPU, with four performance cores and six efficiency cores. It features a next-generation GPU with Neural Accelerator in each core, allowing the new iPad Pro to deliver up to 3.5x the AI performance than the previous model, and a third-generation ray-tracing ...
Read Full Article282 comments
M5 MacBook Pro

Apple Announces New 14-Inch MacBook Pro With M5 Chip

Wednesday October 15, 2025 6:07 am PDT by
Apple today updated the 14-inch MacBook Pro base model with its new M5 chip, which is also available in updated iPad Pro and Vision Pro models. In addition, the base 14-inch MacBook Pro can now be configured with up to 4TB of storage on Apple's online store, whereas the previous model maxed out at 2TB. However, the maximum amount of unified RAM available for this model remains 32GB. Like...
Read Full Article277 comments
m4 macbook air blue

M5 MacBook Air Coming Spring 2026 With M5 Mac Studio and Mac Mini in Development

Thursday October 16, 2025 3:57 pm PDT by
Apple plans to launch MacBook Air models equipped with the new M5 chip in spring 2026, according to Bloomberg's Mark Gurman. Apple is also working on M5 Pro and M5 Max MacBook Pro models that will come early in the year. Neither the MacBook Pro models nor the MacBook Air models are expected to get design changes, with Apple focusing on simple chip upgrades. In the case of the MacBook Pro, a m...
Read Full Article114 comments

Top Rated Comments

Dave-Z Avatar
Dave-Z
49 months ago

As discovered last week ('https://www.macrumors.com/2022/01/16/safari-15-webkit-indexeddb-bug/') by browser fingerprinting service FingerprintJS
It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.


we knew that Apple was working to address the vulnerability in a timely manner
Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
Score: 31 Votes (Like | Disagree)
centauratlas Avatar
centauratlas
49 months ago
"address the vulnerability in a timely manner.".

But is it really timely? Sure, timely since it was made public, but was it timely since they first were informed of it? I'd say no.
Score: 16 Votes (Like | Disagree)
CaTOAGU Avatar
CaTOAGU
49 months ago
It really does feel a bit silly that we’re still having to wait on OS level updates to fix a bug in a web browser.
Score: 15 Votes (Like | Disagree)
IGI2 Avatar
IGI2
49 months ago

It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.



Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
But to be fair, Google Project Zero (and others) has a disclosure policy of 90 days.

We know that this is a privacy breach, but still, modern OSs are fairly complex. Getting to know about it, analysis, fixing it, incorporating in all variants, QA testing, and distributing it to all end users across the globe in one time, whether it's iPhone 6s or iPhone 13 Pro Max is still within reasonable "timely" manner.

We know that they had some public pressure; that's why it's even shorter if we count days since it landed in the news.
Score: 9 Votes (Like | Disagree)
beanbaguk Avatar
beanbaguk
49 months ago
To all those members complaining about the "timely manner" statement. I would say this is very timely and your complaints indicate you have no experience in software development.

I've been in software development for many years (I am a Head of Product at a software technology company), and patching something isn't just a 5-minute job, even if you know what the issue is and how to fix it.

A small change on an API will impact many, many areas of a product and this means thorough testing is required, and diligence of any related libraries and products.

This is hugely time-consuming and since this product impacts so many platforms, it's not just a case of patching and letting it go into the wild. Especially in this instance, a security audit would have to also be conducted to show the result works, and this would have to be verified by multiple organisations.

Then, the patch has to be tested to ensure it deploys safely and correctly over the air. That update process takes time to implement, manage and check. It then needs checking again, more testing and feedback from users (beta), and devs to ensure they are not experiencing any issues. Again, all this takes time.

I hope this provides some perspective as to how and why these fixes take a little time.

It reminds me of the days when I used to build websites for clients. Talking to an individual who has zero ideas as to the complexities of a solid product is the most infuriating and patience-testing experience as a developer.

Anyway. Two months for a fix like this on this scale is perfectly acceptable.
Score: 8 Votes (Like | Disagree)
Macintosh TV Avatar
Macintosh TV
49 months ago
Mozilla has security issues that are more than 2 years old and filed in their system. Chrome has outstanding security issues older than this. Folks need to settle down. This stuff happens. It gets fixed. If you're unhappy with the speed at which a browser or OS patches issues, then it may be time to look elsewhere.
Score: 8 Votes (Like | Disagree)
Read All Comments