macOS Monterey 12.2 and iOS 15.3 Release Candidates Fix Safari Bug That Leaks Browsing Activity
The macOS Monterey 12.2 and iOS 15.3 release candidates that came out today appear to address a Safari bug that could cause your recent browsing history and details about your identity to be leaked to malicious entities.
As shared last week by browser fingerprinting service FingerprintJS, there is an issue with the WebKit implementation of the IndexedDB JavaScript API. Any website that uses IndexedDB can access the names of IndexedDB databases generated by other websites during the same browsing session.
The bug permits a website to spy on other websites that the user visits while Safari is open, and because some websites use user-specific identifiers in their IndexedDB database names, personal information can be gleaned about the user and their browsing habits.
Browsers that use Apple's WebKit engine are impacted, and that includes Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers like Chrome are also affected on iOS and iPadOS 15, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fix the vulnerability.
FingerprintJS constructed a demo website to let users check to see whether they're impacted, and as 9to5Mac notes, after updating to the new software, the website detects no security holes.
The website is designed to tell users details about their Google accounts. On iOS 15.2.1 and macOS Monterey 12.1, we tested and the demo website was able to detect our Google account. After updating to the macOS Monterey 12.2 RC and the iOS 15.3 RC, the demo website no longer detects any data.
Apple earlier this week prepared a fix for the bug and uploaded it to the WebKit page on GitHub, so we knew that Apple was working to address the vulnerability. With the macOS Monterey 12.2 and iOS 15.3 release candidates now available, we could see these updates be made available to the public as soon as next week.
Related Stories
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.2 update to developers for testing purposes, with the new software coming one week the second beta and more than a month after the release of macOS Monterey 12.1.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be...
Wednesday February 16, 2022 10:30 am PST by
Juli CloverApple today seeded the third beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the second macOS Monterey 12.3 public beta.
Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website.
...
Apple today released macOS Monterey 12.2.1, a minor bug fix update that comes two weeks after the launch of macOS Monterey 12.2.
The macOS Monterey 12.2.1 update can be downloaded on all eligible Macs using the Software Update section of System Preferences.
According to Apple's release notes, macOS Monterey 12.2.1 addresses a bug that was causing Bluetooth devices...
Apple today seeded the release candidate version of an upcoming macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the fifth macOS Monterey 12.3 beta. The RC represents the final version of macOS Monterey 12.3 that will be released publicly next week. Registered developers can download the beta through the Apple Developer...
Apple today seeded the second beta of an upcoming macOS Monterey 12.3 update to its public beta testing group, with the new software coming a week after the first macOS Monterey 12.3 public beta.
Public beta testers can download the macOS 12.3 Monterey update from the Software Update section of the System Preferences app after installing the proper profile from Apple's beta software website.
...
Apple today seeded the second beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming two weeks after the release of the first macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Apple today seeded the third beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the second macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Apple today seeded the fourth beta of an upcoming macOS macOS Monterey 12.3 update to developers for testing purposes, with the new software coming a week after the release of the third macOS Monterey 12.3 beta.
Registered developers can download the beta through the Apple Developer Center and after the appropriate profile is installed, betas will be available through the Software Update...
Popular Stories
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks.
Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom.
In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
While past rumors have indicated the upcoming second-generation AirPods Pro will feature a built-in heart rate and body temperature sensor, Bloomberg's Mark Gurman has cast doubt on those rumors turning out to be true, saying instead such a feature is unlikely to come anytime soon.
"Over the past few months, there have been rumors about this year's model gaining the ability to determine a...
Apple is working on an Apple Watch Series 8 model with a larger display, according to DSCC's Ross Young and Haitong International Securities's Jeff Pu.
In October last year, Young suggested that the Apple Watch Series 8 could come in three display sizes. Now, responding to a query about the rumor on Twitter, Young claims that the additional display size joining the Apple Watch lineup will be ...
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
Top Rated Comments
Addressing the issue nearly two months after it having been reported is not timely, especially considering this patch still hasn't reach the public. If the update comes out in one week that will have been two months since Apple first learned about it.
But is it really timely? Sure, timely since it was made public, but was it timely since they first were informed of it? I'd say no.
We know that this is a privacy breach, but still, modern OSs are fairly complex. Getting to know about it, analysis, fixing it, incorporating in all variants, QA testing, and distributing it to all end users across the globe in one time, whether it's iPhone 6s or iPhone 13 Pro Max is still within reasonable "timely" manner.
We know that they had some public pressure; that's why it's even shorter if we count days since it landed in the news.
I've been in software development for many years (I am a Head of Product at a software technology company), and patching something isn't just a 5-minute job, even if you know what the issue is and how to fix it.
A small change on an API will impact many, many areas of a product and this means thorough testing is required, and diligence of any related libraries and products.
This is hugely time-consuming and since this product impacts so many platforms, it's not just a case of patching and letting it go into the wild. Especially in this instance, a security audit would have to also be conducted to show the result works, and this would have to be verified by multiple organisations.
Then, the patch has to be tested to ensure it deploys safely and correctly over the air. That update process takes time to implement, manage and check. It then needs checking again, more testing and feedback from users (beta), and devs to ensure they are not experiencing any issues. Again, all this takes time.
I hope this provides some perspective as to how and why these fixes take a little time.
It reminds me of the days when I used to build websites for clients. Talking to an individual who has zero ideas as to the complexities of a solid product is the most infuriating and patience-testing experience as a developer.
Anyway. Two months for a fix like this on this scale is perfectly acceptable.