macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.
The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.
Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and iPadOS 15, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.
FingerprintJS constructed a demo website to let users check to see whether they're impacted, and as 9to5Mac notes, after updating to the new software, the website detects no security holes.
The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and macOS Monterey 12.1, we tested and the demo website was able to detect our Google account. After updating to the macOS Monterey 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.
Apple earlier this week prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the macOS Monterey 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.
Related Stories
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.2 update to developers for testing purposes, with the new software coming one week the second beta and more than a month after the release of macOS Monterey 12.1.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be...
Wednesday February 16, 2022 10:30 am PST by
Juli CloverApple today seeded the third beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the second macOS Monterey 12.3 public beta.
Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website.
...
Apple today released macOS Monterey 12.2.1, a minor bug fix update that comes two weeks after the launch of macOS Monterey 12.2.
The macOS Monterey 12.2.1 update can be downloaded on all eligible Macs using the Software Update section of System Preferences.
According to Apple's release notes, macOS Monterey 12.2.1 addresses a bug that was causing Bluetooth devices...
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the fifth macOS Monterey 12.3 beta. The RC represents the final version of macOS Monterey 12.3 that will be released publicly next week. Registered developers can download the beta through the Apple Developer...
Apple today seeded the second beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the first macOS Monterey 12.3 public beta.
Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website.
...
Apple today seeded the second beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming two weeks after the release of the first macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Apple today seeded the fourth beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the third macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Popular Stories
Leaker Jon Prosser today shared ostensibly accurate renders of the iPhone 14 Pro, providing the most accurate look yet at what the device could look like when it launches later this year.
In the latest video on YouTube channel Front Page Tech, Prosser revealed renders of the iPhone 14 Pro made by Apple concept graphic designer Ian Zelbo, highlighting a range of specific design changes...
Last year's iPhone 13 Pro models were the first of Apple's smartphones to come with 120Hz ProMotion displays, and while the two iPhone 14 Pro models will continue to feature the technology, their screens could well boast expanded refresh rate variability this time round.
To bring ProMotion displays to the iPhone 13 Pro models, Apple adopted LTPO panel technology with variable refresh...
Amazon is marking down a wide variety of 11-inch and 12.9-inch iPad Pro models this week, with prices starting as low as $749.00 for the 11-inch tablet. You'll find the full list of sales below, all of which can be found on Amazon.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep...
Apple appears to have recently updated the Wallet app to allow users to add an Apple Account Card, which displays the Apple credit balance associated with an Apple ID.
If you receive an App Store or Apple Store gift card, for example, it is added to an Apple Account that was previously visible in the App Store and Apple Store apps. As of today, the Apple Account balance can also be added to...
Apple in February unveiled a new "Tap to Pay on iPhone" feature that will allow compatible iPhones to accept payments via Apple Pay, contactless credit and debit cards, and other digital wallets, with no additional hardware required.
Apple began testing the feature at its Apple Park Visitor Center earlier this month, and now Bloomberg's Mark Gurman has tweeted that the feature will begin...
Apple today confirmed that the keynote event for the Worldwide Developers Conference will begin at 10:00 a.m. Pacific Time on June 6, the first day of WWDC. The keynote will be an online-only event, though a select number of developers have been invited to the Apple Park campus for a viewing event.
In addition to confirming the keynote date and time, Apple has shared the full WWDC 2022...
Top Rated Comments
Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
But is it really timely? Sure, timely since it was made public, but was it timely since they first were informed of it? I'd say no.
We know that this is a privacy breach, but still, modern OSs are fairly complex. Getting to know about it, analysis, fixing it, incorporating in all variants, QA testing, and distributing it to all end users across the globe in one time, whether it's iPhone 6s or iPhone 13 Pro Max is still within reasonable "timely" manner.
We know that they had some public pressure; that's why it's even shorter if we count days since it landed in the news.
I've been in software development for many years (I am a Head of Product at a software technology company), and patching something isn't just a 5-minute job, even if you know what the issue is and how to fix it.
A small change on an API will impact many, many areas of a product and this means thorough testing is required, and diligence of any related libraries and products.
This is hugely time-consuming and since this product impacts so many platforms, it's not just a case of patching and letting it go into the wild. Especially in this instance, a security audit would have to also be conducted to show the result works, and this would have to be verified by multiple organisations.
Then, the patch has to be tested to ensure it deploys safely and correctly over the air. That update process takes time to implement, manage and check. It then needs checking again, more testing and feedback from users (beta), and devs to ensure they are not experiencing any issues. Again, all this takes time.
I hope this provides some perspective as to how and why these fixes take a little time.
It reminds me of the days when I used to build websites for clients. Talking to an individual who has zero ideas as to the complexities of a solid product is the most infuriating and patience-testing experience as a developer.
Anyway. Two months for a fix like this on this scale is perfectly acceptable.