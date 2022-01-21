



Recently, we reported that Apple is working on fixing a Safari bug that could lead to a user browsing history and Google ID leak. Fortunately, Apple seems to have been able to fix the bug on iOS 15.3 RC and macOS Monterey 12.2 RC. Both of these were released to developers and beta users on Thursday.

This bug was first discovered by FingerprintJS, and websites use an exploit found in IndexedDB (the Javascript API used to store data) to access recently accessed URLs by users with their Google IDs and related information. It was revealed that personal data can be obtained.

However, our tests show that this exploit has been fixed in iOS 15.3 and macOS Monterey 12.2. FingerprintJS has built a demo website showing how the bug actually works. Anyone can visit this website to find out some of the URLs they recently visited and their Google Account details.

When I run the same test on devices updated to iOS 15.3 RC and macOS 12.2 RC, the website does not show any data and the user shows that they are not logged in to their Google account.

According to FingerprintJS, this exploit affected all iOS 15 and macOS Monterey releases prior to today’s build. iOS 14 was not affected by this bug. The same is true for users who are still using Safari 14 on Macs running versions prior to macOS Monterey.

Apple hasn’t announced when iOS 15.3 and macOS Monterey 12.2 will be officially released, but the company has already published a release candidate (RC), so everyone will use the update in the next few days. I expect to be able to do it. Build for testing.

