Apple has just released iOS 15.3, fixing several critical security issues, including a Safari problem that could leak sensitive personal info.
Apple has just released iOS 15.3, and while this latest update doesn’t add any significant new features, it addresses at least one critical security flaw. Earlier this month, software engineer Martin Bajanik of FingerprintJS found a serious vulnerability in Safari 15, the browser included in iOS 15 and iPadOS 15, that could leak browsing history information and even credentials from online services that a person is using, such as Google, YouTube, Amazon, and sites using WordPress. As Bajanik explains, many websites use an API called IndexedDB to request that browsers like Safari and Chrome store information in a local database on a person’s device. Under normal circumstances, a given website should only be able to request information about the databases that it created — any others should be invisible to it. Unfortunately, it turns out the Safari browser in iOS 15 wasn’t exactly respecting those rules. Although it wasn’t giving out any information stored in those databases, it was happily providing a full list of all the local databases to any website that asked.
