Following recent reports on a Safari bug that could let websites track users’ browsing histories and access Google IDs on iOS 15 and iPadOS 15, Apple is preparing a fix. However, the fix will not be available to users until Apple releases macOS Monterey, iOS 15 and iPadOS 15 updates with an updated version of Safari.
The bug was found in an API (IndexedDB) which is used and supported by major web browsers and could be used by attackers to find out many things about the user browsing. It could allow one website to track other websites the user visits in different tabs or windows.
Database names are normally specific to each website, and can sometimes contain user-specific identifiers that could reveal the identity of the user. In short, the bug allows websites to potentially gain access to a person’s Google ID.
Apple has not yet provided information about when the fix will be available to users. The Cupertino firm is currently running tests with iOS 15.3 beta and macOS Monterey 12.2 beta, so it will be interesting to see whether the fix for the Safari bug comes with the next beta updates.
Note that the vulnerability does not affect Safari 14 for macOS or any browser on iOS 14 and iPadOS 14, according to the browser fingerprinting service FingerprintJS, which has provided further information on the bug in a blog post.