Apple dropped a series of updates on January 26th that fix a previously reported WebKit bug that could allow websites to see other sites you accessed on your Apple device.
If you use an iPhone or iPad, you’ll want to update to iOS or iPadOS 15.3 as soon as possible to fix the bug. There’s less of a rush for Mac users to update since they can mitigate the bug by using other web browsers — however, if you regularly use Safari on your Mac, you should download the Safari 15.3 update right away.
The bug, first reported to Apple in late November by FingerprintJS, affects web browsers that use WebKit, the open-source foundation for Apple’s Safari browser. Apple also mandates the use of WebKit on iOS and iPadOS, meaning any browser made for Apple’s mobile OS (including Chrome, Firefox, et al.) is also impacted by the bug.
A short explanation is that WebKit’s implementation of a commonly-used JavaScriptAPI for storing web data on devices allowed websites to view the names of other sites that had stored data on a given device. Typically, browsers apply same-origin policy to prevent this. You can learn more about the bug and how it works here.
The iOS 15.3, iPadOS 15.3, and Safari 15.3 updates all include a fix for the issue. It’s good to see the fix applied, especially after FingerprintJS highlighted Apple’s lack of response earlier this month.
9to5Mac confirmed that a beta version of the update fixed the problem using a demo tool provided by FingerprintJS on its website.
If you use an Apple device, you’ll want to install the update right away. Here’s how:
- iPhone/iPad – Open Settings > General > Software Update.
- macOS – Click the ‘Apple’ menu in the top-left corner > System Preferences > Software Update > Update Now (You can also click ‘More info’ to view a list of available updates and specifically install the Safari update).
Source: Apple (iOS/iPadOS | Safari) Via: The Verge
MobileSyrup may earn a commission from purchases made via our links, which helps fund the journalism we provide free on our website. These links do not influence our editorial content. Support us here.