Apple Prepares Fix for Safari Bug Allowing Websites to Decipher Your Recent Browsing Activity

Over the weekend, we reported on a bug in WebKit’s implementation of a JavaScript API called IndexedDB that can reveal your recent browsing history and even your identity, according to browser fingerprinting service FingerprintJS.

safari icon blue banner
Apple has since prepared a fix for the bug, according to a WebKit commit on GitHub, but the fix will not be available to users until Apple releases macOS Monterey, iOS 15, and iPadOS 15 updates with an updated version of Safari. Apple declined to comment when asked to provide a timeframe for a fix being released to the public.

The bug allows any website that uses IndexedDB for client-side data storage to access the names of IndexedDB databases generated by other websites during a user’s browsing session. The bug could allow one website to track other websites the user visits in different tabs or windows, as the database names are often specific to each website, and sometimes the database names contain user-specific identifiers that could reveal a user’s identity.

FingerprintJS has a live demo of the bug, which affects newer versions of browsers using Apple’s open source browser engine WebKit, including Safari 15 for macOS and Safari on all versions of iOS 15 and iPadOS 15. The bug also affects third-party browsers like Chrome and Edge on iOS 15 and iPadOS 15, as Apple requires all iPhone and iPad browsers to use WebKit.

The bug does not affect Safari 14 for macOS or any browser on iOS 14 and iPadOS 14, according to FingerprintJS, which has a blog post with more details.

Related Stories

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

A bug in WebKit’s implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.
In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user’s browsing session….

Apple Releases Minor iOS 15.2.1 and iPadOS 15.2.1 Updates

Apple today released minor 15.2.1 updates for iPhone and iPad users, and the software comes one month after Apple launched iOS 15.2 and iPadOS 15.2 with a slew of improvements.
The iOS 15.2.1 and iPadOS 15.2.1 update can be downloaded for free and the software is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General >…

iOS 15.2.1 and iPadOS 15.2.1 Address HomeKit Vulnerability

Apple today released iOS 15.2.1 and iPadOS 15.2.1, minor updates that include an important security fix for a known HomeKit vulnerability that was first discovered last year.
According to Apple’s security support document for the update, it addresses an issue that could cause a maliciously crafted HomeKit name to result in a denial of service, causing iPhones and iPads not to work.
Apple…

Apple Seeds Second Betas of iOS 15.3 and iPadOS 15.3 to Developers

Apple today seeded the second betas of upcoming iOS 15.3 and iPadOS 15.3 updates to developers for testing purposes, with the new software coming three weeks after the launch of the first betas and a month after the launch of iOS 15.2 and iPadOS 15.2.
iOS and iPadOS 15.3 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an…

Google to Fix Bug That Disables Safari AMP Search Results on iOS 15 Devices

A bug in iOS 15 and iPadOS 15 is preventing Safari from loading AMP links for Google search results, but the issue is not intentional and Google is preparing a fix that’s set to be released in the near future.
Developer Jeff Johnson today published a blog post speculating on whether Google had intentionally disabled AMP links for Google search results in Safari on devices running iOS 15 (via …

DuckDuckGo Working on Privacy-Focused Desktop Browser for Mac

Popular privacy-first web browser DuckDuckGo is developing a dedicated desktop browser that will be available on the Mac, the company announced today in a year-end wrap-up article.
DuckDuckGo already offers a browser option that’s available on mobile devices, and when it launches, the desktop browser will offer a similar experience.
The DuckDuckGo desktop browser will have “robust privacy …

Apple Seeds First Public Betas of iOS 15.3 and iPadOS 15.3

Apple today seeded first betas of upcoming iOS 15.3 and iPadOS 15.3 updates to public beta testers, with the new software coming a few days after the launch of the first developer betas and a week after the release of iOS 15.2 and iPadOS 15.2.
iOS and iPadOS 15.3 can be downloaded over the air after the proper profile from Apple’s public beta testing website has been installed on an iPhone…

Video: Browsing the Web on Apple Watch With µBrowser

If you’ve ever wanted to have a web browser on your wrist, there’s now an app for that. µBrowser is an app designed to let you enter a web address or execute a search with DuckDuckGo so you can view websites on Apple Watch.
Subscribe to the MacRumors YouTube channel for more videos. Available for $0.99 from the App Store, µBrowser offers a lightweight browsing experience that’s useful if you …

Popular Stories

ProMotion Now Expected to Remain Exclusive to iPhone 14 Pro Models, Not Expand to Entire Lineup

Continuing the tradition set with the iPhone 13 Pro, only the highest-end iPhone 14 models will feature Apple’s ProMotion display technology, according to a respected display analyst.
Ross Young, who on multiple occasions has detailed accurate information about Apple’s future products, said in a tweet that ProMotion will not be expanded to the entire iPhone 14 lineup and will remain…

Safari Bug Allows Websites to Track Your Recent Browsing Activity in Real Time [Updated]

A bug in WebKit’s implementation of a JavaScript API called IndexedDB can reveal your recent browsing history and even your identity, according to a blog post shared on Friday by browser fingerprinting service FingerprintJS.
In a nutshell, the bug allows any website that uses IndexedDB to access the names of IndexedDB databases generated by other websites during a user’s browsing session….

New iPad Air Rumored to Launch This Spring With A15 Chip, 5G, Center Stage Camera, and More

Apple is planning to release a fifth-generation iPad Air with similar features as the sixth-generation iPad mini, including an A15 Bionic chip, 12-megapixel Ultra Wide front camera with Center Stage support, 5G for cellular models, and Quad-LED True Tone flash, according to Japanese blog Mac Otakara.
Citing reliables sources in China, the report claims that the new iPad Air could be…

Six Rumored Apple Products You’re Unlikely to See This Year

Much has been said about what consumers could see from Apple in 2022, but the company is also working on a handful of rumored products that aren’t expected to be unveiled for at least another 12 months, and in some cases a lot longer. Of course, that’s assuming they get released at all. Apple works on many potential products some of which ultimately never see the light of day. With that in…

AirPods Pro 2 Could Start a New Accessory Ecosystem

Apple’s second-generation AirPods Pro could arrive alongside a new series of accessories, recent leaked images suggest.
Alleged leaked photos of the next-generation AirPods Pro obtained by MacRumors showed a charging case with a metal loop on the side for attaching a strap. Apple has not used this design for any of its other AirPod models and it is unclear why it would be added in this…

Netflix Again Raises Prices for All Plans, 4K Streaming Now $20 Per Month

Netflix today updated the prices for its streaming plans, and all of its offerings are now more expensive. The Basic plan is now priced at $9.99 per month, the Standard plan is priced at $15.49 per month, and the Premium plan is priced at $19.99 per month.
The Basic plan is $1 more expensive, up from $8.99 per month. This plan allows users to watch on just one screen at a time, and it limits …

Developer Showcases Apple CarPlay Workaround for Teslas

A Tesla Model 3 owner has resorted to a workaround to implement Apple CarPlay in his vehicle, amid no sign of official support from Tesla (via Tesla North).
Apple CarPlay and Apple Music support are among the most-requested Tesla features, but with no indication that Tesla is willing to implement Apple CarPlay in its vehicles, Polish developer Michał Gapiński took matters into his own…

Top Stories: iPhone 14 Pro Rumors, iCloud Private Relay Controversy, iOS 15.2.1 Released, and More

Hole-punch? Pill? Hole-punch and pill? Rumors about what the front camera system on the iPhone 14 Pro will look like are evolving rapidly, and it now appears we might be getting a novel but potentially controversial design later this year.
Other major stories this week included some confusion and controversy about iCloud Private Relay being disabled for some T-Mobile customers, increasing…

Comments are closed.