Apple preps fix for Safari's web-history-leaking IndexedDB privacy bug
2022-01-21 22:56

Apple is preparing to repair a bug in its WebKit browser engine that has been leaking data from its Safari 15 browser at least since the problem was reported last November.

Updates made available on Thursday to Apple developers - iOS 15.3 RC and macOS 12.2 RC - reportedly fix the flaw, an improper implementation of the IndexedDB API that allows websites to track users and potentially identify them.

The bug affects Apple's Safari 15 browser on macOS, and all browsers on iOS and iPadOS 15 - because Apple requires all browsers on iOS to be based upon its WebKit engine, instead of alternatives like Chromium's Blink or Mozilla's Gecko.

Js, a maker of fraud and bot detection libraries, disclosed the privacy issue to Apple on November 28 last year and then posted publicly about the problem on January 14 because Apple failed to respond in a timely manner.

"On OSX, Safari users can switch to another browser to avoid their data leaking across origins. iOS users have no such choice, because Apple imposes a ban on other browser engines."

The situation was similar last year when a localStorage bug surfaced in May. Though Apple's WebKit engineers, to their credit, responded immediately, that repair wasn't available until July when Apple released Safari 14.1.2.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/21/apple_safari_webkit_indexeddb/
