The IndexedDB bug that allows Safari 15 to leak your Google ID to third parties will soon be fixed. Last week, Apple distributed release candidates for macOS Monterey 12.2 and iOS 15.3 to developers. The Safari data leak is one of the security issues addressed in the new versions of the operating systems.
Safari 15 is as leaky as a sieve
In early January 2022, the FingerprintJS development team released a report showing that a Safari 15 IndexedDB bug leaks your internet activity to any website. Apple engineers started working on a fix but gave no estimate of when it would roll out.
This leak means that Safari violates the “same-origin policy”. This security feature restricts how documents or scripts loaded from one origin can interact with resources from other origins. Avoiding the bug was easy on Mac, as it only affects Safari. However, iOS is another story because all browsers on the mobile platform must use the WebKit browser engine, which includes the bug.
A Fix for Safari Data Leak
The fix for this dangerous bug could arrive as early as this week. After only two betas, Apple has rolled out its release candidate for iOS 15.3. At the same time, the Cupertino-based company released the macOS Monterey 12.2 release candidate.
Although Apple hasn’t explicitly stated that the new software releases fix the Safari leak, testing shows that they do. With the latest release candidate of iOS 15.3, the FingerprintJS demo website designed to show the bug no longer displays the leaked data.
Internal testing by people at 9to5Mac shows that the macOS Monterey 12.2 release candidate also includes the fix. The bug affected all versions of iOS 15 and macOS Monterey before these releases.
While Apple never announces the exact date that new builds will roll out to customers, it usually happens a few days after a release candidate. Therefore, we can probably expect the new version to be available via Software Update in the next few days.