Apple Working on Fix For Safari Bug that Potentially Leaks Browsing History

Earlier this week, FingerprintJS discovered that a pretty serious bug existed within Safari. This bug in question is leaving users vulnerable as it allows others to extract browsing data as well as Google User IDs. However, it’s now said that Apple is working on a fix.

Apple engineers are currently preparing to launch a fix for the bug. According to a WebKit commit on GitHub, reported by MacRumors, the fix is in the works.

However, it doesn’t appear that Apple will be releasing the fix until macOS Monterey, iOS 15, and iPadOS 15 updates are ready with an updated version of Safari.

The bug in question has been found in the implementation of IndexedDB, which in and of itself is a Javascript API. The API is used to store data, even data that can leave users vulnerable. This exploit can enable websites to see specific URLs a user has visited as well as grant access to Google User ID information.

There’s currently no timeline on when the fix will be made available to users. Currently, Apple is testing the iOS 15.3 beta and macOS Monterey 12.2 beta. It may be safe to say that the next beta update will begin to introduce a fix for the bug.

As previously noted by FingerprintJS, the bug does not affect Safari 14 on macOS or browsers on iOS 14 and iPadOS 14 devices.