Less than 1 month until TNW Conference 2022 in Amsterdam – get your tickets now! →

Your sardonic source for consumer tech stories

This article was published on January 20, 2022

Safari bug is leaking users’ browsing history — but a fix is on the way (Updated)

Don't use Safari for now

Safari bug is leaking users’ browsing history — but a fix is on the way (Updated)
Ivan Mehta
Story by

Ivan Mehta

Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh." Ivan covers Big Tech, India, policy, AI, security, platforms, and apps for TNW. That's one heck of a mixed bag. He likes to say "Bleh."

(Update January 27, 2022, 10:00AM IST): Apple has released stable versions of iOS 15.3 and macOS Monetery 12.2, so you should update your systems now. On iPhones, go to Settings > General > Software Update to do it; on Macs go to Apple Menu > About this Mac > Software Update to install the new version.

(Update January 21, 2022, 10:15PM IST): Apple has released an iOS 15 RC 3 update to fix the WebKit bug leaking your browsing history. This update will be rolled out to users soon after beta testing by developers.

If you use an Apple device, chances are that Safari is your default browser. If that’s the case, you’ll want to avoid using Safari for a bit because a bug in the app could leak your entire browsing history.

Last week,  the team behind  FingerprintJS, a browser fingerprinting library, wrote a blog post about a vulnerability in Safari 15 that gives away your browser history. By exploiting this bug, an attacker can learn about what websites you’re visiting, and even see your Google ID for services like YouTube, Google Calendar, and Google Keep. You can read more about it here.

You can also look at the video below to understand how this bug works.

How bad is it?

As the bug is in WebKit, Apple‘s browser rendering engine, it affects Safari 15 on macOS, and all browsers on iOS 15 and iPadOS 15. So it’s a pretty helpless situation for iOS device users. But if you’re using a Mac, you can switch to Chrome, Edge, or any other browser for now.

A fix is on the way

WebKit’s GitHub repository suggests that Apple engineers have already worked on some potential fixes. But that doesn’t mean you’re safe automatically. Apple has to update the Safari browser with a fix, and it’s not that straightforward.

As the company has baked Safari into its operating system, it’s not simply the matter of issuing an app update. As Joe Rossignol, a reporter at MacRumors tweeted, the firm has to issue an emergency operating system update for macOS, iOS, and iPadOS.

If you’re using older Mac versions like Big Sur or Catalina, you’ll be able to get a standalone update. We’ll keep an eye out for Apple‘s bug-fixing release, and update this story.

Get the Plugged newsletter

Subscribe to our snarky newsletter all about consumer tech.

Also tagged with


Published
Back to top