Apple has fixed a Safari problem that exposed user information

As part of an effort to patch a Safari bug that disclosed browser history and certain Google data, Apple has released iOS 15.3 RC and macOS Monterey 12.2 RC to developers and beta users.

This comes after cybersecurity experts from FingerprintJS discovered a flaw in an Apple API called IndexedDB, which is used to store data in the browser.

Safari 15 has a security feature that stops malicious pages from reading data created by websites open in another tab when they are opened in one tab. The researchers discovered that the API ignores this regulation, instead creating a new database with much the same name in every other active frames, tabs, and windows in the same browser experience.

There hasn’t been a broader release yet

Researchers demonstrated that a rogue website visited in one tab might get data created by a malicious page in another tab. Furthermore, the weakness may be used to get data from Google accounts.

Google’s services (such as YouTube) create databases with the Google User ID included in their names. Other sites may be able to view this information since these IDs are used to access public information, such as a profile picture.

FingerprintJS has even created a special webpage to show how the issue works in the real world. According to 9to5Mac, testing for the issue on iOS 15.3 RC and macOS 12.2 RC devices has shown that the website no longer sees any data and that the user is not signed into their Google account.

The issue, according to the researchers, affects all iOS 15 and macOS Monterey versions up to this one. iOS 14, on the other hand, was unaffected, as were those still running Safari 14 on previous Mac versions.

Apple has yet to announce an official release date for these new operating system versions, but considering that the Release Candidate version has already been distributed, it’s reasonable to presume it won’t be long.