Recently, Apple is fixing a Safari vulnerability that can lead to the disclosure of users’ browsing history and Google ID. Apple has fixed the bug in iOS 15.3 RC and macOS Monterey 12.2 RC, both of which were released to developers and beta users on Thursday.
The vulnerability, first discovered by FingerprintJS, shows that websites can exploit a vulnerability found in IndexedDB, a Javascript API for storing data, to access a users recently visited URLs and even obtain a user’s Google ID and associated personal data.
FingerprintJS then built a demo site to show how the exploit works, and anyone can visit the site to see how it knows some URLs you’ve recently visited and details of your Google account. Testing has shown that iOS 15.3 and macOS Monterey 12.2 have fixed this vulnerability.
According to FingerprintJS, the vulnerability affects all versions of iOS 15 and macOS Monterey prior to today’s build. iOS 14 is not affected by the vulnerability, and users who still have Safari 14 on Macs running previous versions of macOS Monterey.