macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity

The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.

safari icon blue banner
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.

The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.

Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and ‌iPadOS 15‌, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.

FingerprintJS constructed a demo website to let users check to see whether they're impacted, and as 9to5Mac notes, after updating to the new software, the website detects no security holes.

The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and ‌macOS Monterey‌ 12.1, we tested and the demo website was able to detect our Google account. After updating to the ‌macOS Monterey‌ 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.

Apple earlier this week prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the ‌macOS Monterey‌ 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.

Related Roundups: iOS 15, iPadOS 15, macOS Monterey
Tag: Safari
Related Forums: iOS 15, macOS Monterey

Top Rated Comments

Dave-Z Avatar
24 weeks ago

As discovered last week ('https://www.macrumors.com/2022/01/16/safari-15-webkit-indexeddb-bug/') by browser fingerprinting service FingerprintJS
It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.


we knew that Apple was working to address the vulnerability in a timely manner
Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
Score: 31 Votes (Like | Disagree)
centauratlas Avatar
24 weeks ago
"address the vulnerability in a timely manner.".

But is it really timely? Sure, timely since it was made public, but was it timely since they first were informed of it? I'd say no.
Score: 16 Votes (Like | Disagree)
CaTOAGU Avatar
24 weeks ago
It really does feel a bit silly that we’re still having to wait on OS level updates to fix a bug in a web browser.
Score: 15 Votes (Like | Disagree)
IGI2 Avatar
24 weeks ago

It wasn't discovered last week. It was discovered last year, November 2021. It was disclosed to the public last week.



Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
But to be fair, Google Project Zero (and others) has a disclosure policy of 90 days.

We know that this is a privacy breach, but still, modern OSs are fairly complex. Getting to know about it, analysis, fixing it, incorporating in all variants, QA testing, and distributing it to all end users across the globe in one time, whether it's iPhone 6s or iPhone 13 Pro Max is still within reasonable "timely" manner.

We know that they had some public pressure; that's why it's even shorter if we count days since it landed in the news.
Score: 9 Votes (Like | Disagree)
beanbaguk Avatar
24 weeks ago
To all those members complaining about the "timely manner" statement. I would say this is very timely and your complaints indicate you have no experience in software development.

I've been in software development for many years (I am a Head of Product at a software technology company), and patching something isn't just a 5-minute job, even if you know what the issue is and how to fix it.

A small change on an API will impact many, many areas of a product and this means thorough testing is required, and diligence of any related libraries and products.

This is hugely time-consuming and since this product impacts so many platforms, it's not just a case of patching and letting it go into the wild. Especially in this instance, a security audit would have to also be conducted to show the result works, and this would have to be verified by multiple organisations.

Then, the patch has to be tested to ensure it deploys safely and correctly over the air. That update process takes time to implement, manage and check. It then needs checking again, more testing and feedback from users (beta), and devs to ensure they are not experiencing any issues. Again, all this takes time.

I hope this provides some perspective as to how and why these fixes take a little time.

It reminds me of the days when I used to build websites for clients. Talking to an individual who has zero ideas as to the complexities of a solid product is the most infuriating and patience-testing experience as a developer.

Anyway. Two months for a fix like this on this scale is perfectly acceptable.
Score: 8 Votes (Like | Disagree)
Macintosh TV Avatar
24 weeks ago
Mozilla has security issues that are more than 2 years old and filed in their system. Chrome has outstanding security issues older than this. Folks need to settle down. This stuff happens. It gets fixed. If you're unhappy with the speed at which a browser or OS patches issues, then it may be time to look elsewhere.
Score: 8 Votes (Like | Disagree)

Related Stories

macOS Monterey on MBP Feature

Apple Seeds macOS Monterey 12.2 Release Candidate to Developers [Update: Public Beta Available]

Thursday January 20, 2022 10:22 am PST by
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.2 update to developers for testing purposes, with the new software coming one week the second beta and more than a month after the release of macOS Monterey 12.1. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be...
macOS Monterey 2

Apple Seeds Third Public Beta of macOS Monterey With Universal Control

Wednesday February 16, 2022 10:30 am PST by
Apple today seeded the third beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the second macOS Monterey 12.3 public beta. Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website. ...
macOS Monterey on MBP Feature

Apple Releases macOS Monterey 12.2.1 With Bluetooth Battery Drain Bug Fix

Thursday February 10, 2022 10:24 am PST by
Apple today released macOS Monterey 12.2.1, a minor bug fix update that comes two weeks after the launch of macOS Monterey 12.2. The ‌‌‌‌macOS Monterey‌ 12.2.1‌‌ update can be downloaded on all eligible Macs using the Software Update section of System Preferences. According to Apple's release notes, macOS Monterey 12.2.1 addresses a bug that was causing Bluetooth devices...
macOS Monterey on MBP Feature

Apple Seeds Release Candidate Version macOS Monterey 12.3 Beta to Developers and Public Beta Testers

Tuesday March 8, 2022 11:23 am PST by
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the fifth macOS Monterey 12.3 beta. The RC represents the final version of macOS Monterey 12.3 that will be released publicly next week. Registered developers can download the beta through the Apple Developer...
macOS Monterey 2

Apple Seeds Second Public Beta of macOS Monterey With Universal Control

Wednesday February 9, 2022 10:25 am PST by
Apple today seeded the second beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the first macOS Monterey 12.3 public beta. Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website. ...
macOS Monterey on MBP Feature

Apple Seeds Second macOS Monterey 12.3 Beta to Developers

Tuesday February 8, 2022 10:08 am PST by
Apple today seeded the second beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming two weeks after the release of the first macOS Monterey 12.3 beta. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
macOS Monterey on MBP Feature

Apple Seeds Third macOS Monterey 12.3 Beta to Developers

Tuesday February 15, 2022 10:13 am PST by
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
macOS Monterey on MBP Feature

Apple Seeds Fourth macOS Monterey 12.3 Beta to Developers [Update: Public Beta Available]

Tuesday February 22, 2022 10:08 am PST by
Apple today seeded the fourth beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the third macOS Monterey 12.3 beta. Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...

Popular Stories

top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
airpods pro 2 1

AirPods Pro 2 No Longer Expected to Feature Built-In Heart Rate or Body Temperature Sensor

Sunday July 3, 2022 8:07 pm PDT by
While past rumors have indicated the upcoming second-generation AirPods Pro will feature a built-in heart rate and body temperature sensor, Bloomberg's Mark Gurman has cast doubt on those rumors turning out to be true, saying instead such a feature is unlikely to come anytime soon. "Over the past few months, there have been rumors about this year's model gaining the ability to determine a...
Apple Watch 8 Unreleased Feature Thumb

Apple Watch Series 8 Model Rumored to Feature 5% Larger Display

Monday July 4, 2022 5:50 am PDT by
Apple is working on an Apple Watch Series 8 model with a larger display, according to DSCC's Ross Young and Haitong International Securities's Jeff Pu. In October last year, Young suggested that the Apple Watch Series 8 could come in three display sizes. Now, responding to a query about the rumor on Twitter, Young claims that the additional display size joining the Apple Watch lineup will be ...
macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...