Apple Patches Safari Bug That Could Expose Users’ Internet Activity
Apple has released iOS 15.3 and iPadOS 15.3. This update contains several bug fixes and security patches, including a fix for a bug in the Safari 15 web browser. This allowed websites to track the user’s internet activity.
Apple writes in its patch notes that iOS and iPadOS 15.3 includes “bug fixes and security updates.” On its website, the company reports that the update resolves, among other things, four different vulnerabilities in the WebKit browser engine. This includes the aforementioned bug in Safari 15. That bug involved a vulnerability in the WebKit implementation of the IndexedDB api, which allowed any website to track a user’s Internet activity and obtain the unique Google user ID. WebKit is used by Safari and all other web browsers available on iOS.
Furthermore, several vulnerabilities in ColorSync, iCloud, IOMobileFrameBuffer and the iOS kernel are fixed. It does not appear that the update contains any new features. Last month, Apple released iOS 15.2, which added the App Privacy Report and a digital legacy feature to the mobile OS, among other things. iOS 15.2.1 later followed, in which a HomeKit vulnerability was patched. Users can install iOS 15.3 and iPadOS 15.3 through the settings, under ‘general’ and ‘software update’.