Earlier this week, FingerprintJS revealed a serious bug in Apple’s Safari web browser that lets anyone extract a user’s browsing history and even Google User IDs. As anticipated, Apple is now working on a fix for this bug, which is expected to be released to users very soon.
Based on a WebKit commit on GitHub, Apple engineers are already preparing a fix for the Safari bug that leaks user data. For those unfamiliar, WebKit is Apple’s browser engine that powers Safari and other web browsers. Since WebKit is an open-source engine, updates related to the bug are public and can now be seen on GitHub.
More specifically, the bug was found in the implementation of IndexedDB, which is a JavaScript API used to store data. Malicious websites can use the exploit to see URLs recently visited by a user and even obtain the user’s Google User ID, which can be used to find personal information about that user.
Apple hasn’t provided details on when the fix will be available to users. However, as noted by MacRumors, the fix requires Apple to release updated builds of iOS 15 and macOS Monterey to include a new version of Safari using the latest WebKit engine.
Apple is currently running tests with iOS 15.3 beta and macOS Monterey 12.2 beta, so perhaps the next beta updates will bring the fix for the Safari bug. It’s worth noting that the WebKit version used in Safari 14, which is the one for iOS 14, is not affected by the bug.
More details about the exploit can be found on the FingerprintJS website.