macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.

safari icon blue banner
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.

The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.

Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and ‌iPadOS 15‌, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.

FingerprintJS constructed a demo website to let users check to see whether they're impacted, and as 9to5Mac notes, after updating to the new software, the website detects no security holes.

The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and ‌macOS Monterey‌ 12.1, we tested and the demo website was able to detect our Google account. After updating to the ‌macOS Monterey‌ 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.

Apple earlier this week prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the ‌macOS Monterey‌ 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.

Related Roundups: iPadOS 15, macOS Monterey
Tag: Safari
Related Forums: iOS 15, macOS Monterey

Top Rated Comments

Dave-Z Avatar
11 months ago

As discovered last week ('https://www.macrumors.com/2022/01/16/safari-15-webkit-indexeddb-bug/') by browser fingerprinting service FingerprintJS
It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.


we knew that Apple was working to address the vulnerability in a timely manner
Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
Score: 31 Votes (Like | Disagree)
centauratlas Avatar
11 months ago
"address the vulnerability in a timely manner.".

But is it really timely? Sure, timely since it was made public, but was it timely since they first were informed of it? I'd say no.
Score: 16 Votes (Like | Disagree)
CaTOAGU Avatar
11 months ago
It really does feel a bit silly that we’re still having to wait on OS level updates to fix a bug in a web browser.
Score: 15 Votes (Like | Disagree)
IGI2 Avatar
11 months ago

It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.



Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
But to be fair, Google Project Zero (and others) has a disclosure policy of 90 days.

We know that this is a privacy breach, but still, modern OSs are fairly complex. Getting to know about it, analysis, fixing it, incorporating in all variants, QA testing, and distributing it to all end users across the globe in one time, whether it's iPhone 6s or iPhone 13 Pro Max is still within reasonable "timely" manner.

We know that they had some public pressure; that's why it's even shorter if we count days since it landed in the news.
Score: 9 Votes (Like | Disagree)
beanbaguk Avatar
11 months ago
To all those members complaining about the "timely manner" statement. I would say this is very timely and your complaints indicate you have no experience in software development.

I've been in software development for many years (I am a Head of Product at a software technology company), and patching something isn't just a 5-minute job, even if you know what the issue is and how to fix it.

A small change on an API will impact many, many areas of a product and this means thorough testing is required, and diligence of any related libraries and products.

This is hugely time-consuming and since this product impacts so many platforms, it's not just a case of patching and letting it go into the wild. Especially in this instance, a security audit would have to also be conducted to show the result works, and this would have to be verified by multiple organisations.

Then, the patch has to be tested to ensure it deploys safely and correctly over the air. That update process takes time to implement, manage and check. It then needs checking again, more testing and feedback from users (beta), and devs to ensure they are not experiencing any issues. Again, all this takes time.

I hope this provides some perspective as to how and why these fixes take a little time.

It reminds me of the days when I used to build websites for clients. Talking to an individual who has zero ideas as to the complexities of a solid product is the most infuriating and patience-testing experience as a developer.

Anyway. Two months for a fix like this on this scale is perfectly acceptable.
Score: 8 Votes (Like | Disagree)
Macintosh TV Avatar
11 months ago
Mozilla has security issues that are more than 2 years old and filed in their system. Chrome has outstanding security issues older than this. Folks need to settle down. This stuff happens. It gets fixed. If you're unhappy with the speed at which a browser or OS patches issues, then it may be time to look elsewhere.
Score: 8 Votes (Like | Disagree)

Related Stories

macOS Monterey on MBP Feature

Apple Seeds macOS Monterey 12.2 Release Candidate to Developers [Update: Public Beta Available]

Thursday January 20, 2022 10:22 am PST by
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.2 update to developers for testing purposes, with the new software coming one week the second beta and more than a month after the release of macOS Monterey 12.1. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be...
macOS Monterey 2

Apple Seeds Third Public Beta of macOS Monterey With Universal Control

Wednesday February 16, 2022 10:30 am PST by
Apple today seeded the third beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the second macOS Monterey 12.3 public beta. Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website. ...
macOS Monterey on MBP Feature

Apple Releases macOS Monterey 12.2.1 With Bluetooth Battery Drain Bug Fix

Thursday February 10, 2022 10:24 am PST by
Apple today released macOS Monterey 12.2.1, a minor bug fix update that comes two weeks after the launch of macOS Monterey 12.2. The ‌‌‌‌macOS Monterey‌ 12.2.1‌‌ update can be downloaded on all eligible Macs using the Software Update section of System Preferences. According to Apple's release notes, macOS Monterey 12.2.1 addresses a bug that was causing Bluetooth devices...
macOS Monterey on MBP Feature

Apple Seeds Release Candidate Version macOS Monterey 12.3 Beta to Developers and Public Beta Testers

Tuesday March 8, 2022 11:23 am PST by
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the fifth macOS Monterey 12.3 beta. The RC represents the final version of macOS Monterey 12.3 that will be released publicly next week. Registered developers can download the beta through the Apple Developer...
macOS Monterey 2

Apple Seeds Second Public Beta of macOS Monterey With Universal Control

Wednesday February 9, 2022 10:25 am PST by
Apple today seeded the second beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the first macOS Monterey 12.3 public beta. Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website. ...
macOS Monterey on MBP Feature

Apple Seeds Second macOS Monterey 12.3 Beta to Developers

Tuesday February 8, 2022 10:08 am PST by
Apple today seeded the second beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming two weeks after the release of the first macOS Monterey 12.3 beta. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
macOS Monterey on MBP Feature

Apple Seeds Third macOS Monterey 12.3 Beta to Developers

Tuesday February 15, 2022 10:13 am PST by
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
macOS Monterey on MBP Feature

Apple Seeds Fourth macOS Monterey 12.3 Beta to Developers [Update: Public Beta Available]

Tuesday February 22, 2022 10:08 am PST by
Apple today seeded the fourth beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the third macOS Monterey 12.3 beta. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...

Popular Stories

Emergency SOS via Satellite iPhone YT

Apple's iPhone 14 Emergency SOS via Satellite Feature Saves Stranded Man in Alaska

Thursday December 1, 2022 4:37 pm PST by
With the launch of iOS 16.1, Apple rolled out a Emergency SOS via Satellite, which is designed to allow iPhone 14 owners to contact emergency services using satellite connectivity when no cellular or WiFi connection is available. The feature was put to the test in Alaska today, when a man became stranded in a rural area. In the early hours of the morning on December 1, Alaska State Troopers ...
iPhone Measure Height

Newer iPhones Allow You to Measure Someone's Height Instantly — Here's How

Saturday December 3, 2022 10:23 am PST by
iPhone 12 Pro and Pro Max, iPhone 13 Pro and Pro Max, and iPhone 14 Pro and Pro Max models feature a LiDAR Scanner next to the rear camera that can be used to measure a person's height instantly in Apple's preinstalled Measure app. To measure a person's height, simply open the Measure app, point your iPhone at the person you want to measure, and make sure they are visible on the screen from...
General iOS 16 Feature Yellow

iOS 16.2 for iPhone Launching This Month With These 8 New Features

Thursday December 1, 2022 8:44 am PST by
Apple plans to publicly release iOS 16.2 for the iPhone in mid-December, according to Bloomberg's Mark Gurman. The update remains in beta testing for now, with at least eight new features and changes already uncovered so far. iOS 16.2 introduces a number of new features, including Apple's new whiteboard app Freeform, two new Lock Screen widgets for Sleep and Medications, the ability to hide...
iOS 16

When Will iOS 16.2 Be Released?

Friday December 2, 2022 2:13 pm PST by
Apple in late October began testing iOS 16.2 and iPadOS 16.2 updates, providing betas to both developers and public beta testers. As of now, we've had four total betas, with the fourth beta having been released earlier this week. iOS 16.2 and iPadOS 16.2 are expected before the end of the year, and we thought we'd try to narrow down the launch timeline. With only four betas released since...
14 vs 16 inch mbp m2 pro and max feature 1

Major RAM Upgrade Coming to Next-Generation MacBook Pro

Friday December 2, 2022 2:03 am PST by
The next-generation MacBook Pro models could feature faster RAM, according to a recent report from a reliable source. MacRumors Forums member "Amethyst," who accurately revealed details about the Mac Studio and Studio Display before those products were announced, recently provided information about Apple's upcoming 14- and 16-inch MacBook Pro models. The new machines are expected to feature...
iPad 10 Battery Pull Tabs

iPad 10 Teardown Reveals Why Device Isn't Compatible With Apple Pencil 2

Thursday December 1, 2022 10:48 am PST by
Do-it-yourself repair website iFixit today shared a video teardown of Apple's new 10th-generation iPad, providing a closer look inside the tablet and revealing why the device lacks support for the second-generation Apple Pencil. The teardown reveals the internal layout of the iPad, including its two-cell 7,606 mAh battery, logic board with the A14 Bionic chip, and more. As suspected, the...
android apple fix rcs

Google Again Criticizes Apple for Not Adopting RCS for Messages App: 'Their Texting is Stuck in the 1990s'

Friday December 2, 2022 10:54 am PST by
Google is continuing on with its attempt to convince Apple to adopt the RCS messaging standard, publishing a new "it's time for RCS" blog post. Promoted heavily by Google, RCS or Rich Communication Services is a messaging standard that is designed to replace the current SMS messaging standard. It provides support for higher resolution photos and videos, audio messages, and bigger file sizes, ...
ios 16 2 beta notifiation center

PSA: Older Notifications No Longer Hidden in Notification Center in iOS 16.2 Beta 4

Friday December 2, 2022 5:23 am PST by
In a small but significant change to the way the Notification Center works in the latest iOS 16.2 beta, older notifications are now shown by default without having to swipe up. In the current release as well as earlier versions of iOS 16, users do not automatically see older notifications in the Notification Center like they did in iOS 15, and instead must manually swipe up from the middle...
lastpass

LastPass Hacked for Second Time This Year

Friday December 2, 2022 4:04 am PST by
Password management app LastPass says it is investigating a security incident after an "unauthorized party" compromised its systems on Wednesday and gained access to some customer information. The information was stored in a third-party cloud service shared by LastPass and parent company GoTo, said LastPass CEO Karim Toubba in a blog post. Toubba said the hackers used information stolen from ...
Apple Card Savings

Apple Card Customer Agreement Updated for 'Upcoming' Savings Account Feature

Friday December 2, 2022 11:43 am PST by
Goldman Sachs this week updated its Apple Card customer agreement to reflect the credit card's upcoming Daily Cash savings account feature, which was expected to launch with iOS 16.1 but appears to have been delayed. "To enable new ways to use Daily Cash like the upcoming Savings account feature, we are updating the Daily Cash Program section of your Apple Card Customer Agreement," reads an...