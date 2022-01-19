



Earlier this week, FingerprintJS revealed that Apple’s Safari web browser had a serious bug that allowed anyone to extract a user’s browsing history or Google user ID. As expected, Apple is currently working on a fix for this bug and will soon release it to users.

Based on the WebKit commit on GitHub, Apple engineers are already preparing a fix for a Safari bug that leaks user data. For those unfamiliar, WebKit is Apple’s browser engine that enhances Safari and other web browsers. Since WebKit is an open source engine, bug-related updates are publicly available and can now be found on GitHub.

Specifically, a bug was found in the implementation of IndexedDB, the Javascript API used to store data. Malicious websites can use this exploit to see URLs that users have recently visited or to obtain a Google User ID. You can use this ID to find your personal information.

Apple does not provide details about when the fix will be available to users. However, as MacRumors points out, this fix requires Apple to release an updated build of iOS 15 and macOS Monterey to include a new version of Safari that uses the latest WebKit engine.

Apple is currently testing on iOS 15.3 beta and macOS Monterey 12.2 beta, so the next beta update will probably fix Safari bugs. Please note that the WebKit version used in Safari 14 for iOS 14 is not affected by the bug.

For more information on this exploit, see the Fingerprint JS website.

