01-24-2022 , 11:28 PM
https://www.macobserver.com/news/apple-f...this-week/ Apple Fix for Safari Data Leak Could Come This Week
Jeff Butts
@clefmeister
1 minute read
Jan 24th, 2022 3:39 PM EST | News
The IndexedDB leak that allows Safari 15 to leak your Google ID to third parties will soon be fixed. Last week, Apple distributed Release Candidates of macOS Monterey 12.2 and iOS 15.3 to developers. The Safari data leak is one of the security issues included in the new OS builds.
Safari 15 Is as Leaky as a Sieve
In early January 2022, development team FingerprintJS released a report that showed a Safari 15 IndexedDB bug leaking your internet activity to any website. Apple engineers began working on a fix, but didn’t give any estimate as to its rollout.
This leak involves Safari violating the “same-origin policy”. This security feature restricts how documents or scripts loaded from one origin can interact with resources from other origins. Avoiding the bug was easy on the Mac, since it only affects Safari. However, iOS is a different story because all browsers on the mobile platform have to use the WebKit browser engine, which includes the bug.
A Fix for the Safari Data Leak
The fix for this dangerous exploit may arrive as early as this week. After just two beta builds, Apple rolled out its Release Candidates for iOS 15.3. At the same time, the Cupertino-based company issued the macOS Monterey 12.2 Release Candidate. While Apple hasn’t explicitly stated the new software builds fix the Safari leak, testing shows that it does. With the latest iOS 15.3 Release Candidate, the demo website FingerprintJS built to show the bug no longer shows leaked data.
Internal testing by the folks at 9to5Mac shows macOS Monterey 12.2 Release Candidate also includes the fix. The exploit affected all iOS 15 and macOS Monterey releases before this latest.
While Apple never announces an exact date new versions will roll out to customers, it usually happens within a few days of a Release Candidate. Therefore, we can probably expect the new version to be available via Software Update in the coming days.
Jeff Butts
@clefmeister
1 minute read
Jan 24th, 2022 3:39 PM EST | News
The IndexedDB leak that allows Safari 15 to leak your Google ID to third parties will soon be fixed. Last week, Apple distributed Release Candidates of macOS Monterey 12.2 and iOS 15.3 to developers. The Safari data leak is one of the security issues included in the new OS builds.
Safari 15 Is as Leaky as a Sieve
In early January 2022, development team FingerprintJS released a report that showed a Safari 15 IndexedDB bug leaking your internet activity to any website. Apple engineers began working on a fix, but didn’t give any estimate as to its rollout.
This leak involves Safari violating the “same-origin policy”. This security feature restricts how documents or scripts loaded from one origin can interact with resources from other origins. Avoiding the bug was easy on the Mac, since it only affects Safari. However, iOS is a different story because all browsers on the mobile platform have to use the WebKit browser engine, which includes the bug.
A Fix for the Safari Data Leak
The fix for this dangerous exploit may arrive as early as this week. After just two beta builds, Apple rolled out its Release Candidates for iOS 15.3. At the same time, the Cupertino-based company issued the macOS Monterey 12.2 Release Candidate. While Apple hasn’t explicitly stated the new software builds fix the Safari leak, testing shows that it does. With the latest iOS 15.3 Release Candidate, the demo website FingerprintJS built to show the bug no longer shows leaked data.
Internal testing by the folks at 9to5Mac shows macOS Monterey 12.2 Release Candidate also includes the fix. The exploit affected all iOS 15 and macOS Monterey releases before this latest.
While Apple never announces an exact date new versions will roll out to customers, it usually happens within a few days of a Release Candidate. Therefore, we can probably expect the new version to be available via Software Update in the coming days.