Apple has fixed the Safari bug that leaks your browsing history thanks to iOS 15.3 on iPhone, iPadOS 15.3 on iPad and macOS 12.2 on Mac. The release candidate for these versions was released yesterday.
Safari’s ugly bug with history is now fixed
This fix is not really a surprise. A few days ago, we reported that Apple changed the code for WebKit, Safari’s rendering engine, on GitHub to include a way to prevent sites from collecting your browsing history. It is now available with the release candidate of iOS 15.3 and macOS 12.2 which concerns developers and public testers. The final version for everyone should logically arrive next week.
With the bug, any site using IndexedDB can know the names of other IndexedDB databases that have been generated by other sites on Safari. This is a way to know the recent browsing history of the user. Sites should normally only have access to their own database. The problem actually goes further since some databases have specific identifiers and not randomly generated identifiers. This is particularly the case of Google, which chooses the unique identifier of each user as a name. This identifier can be used to have information about the identity of the user.
It is good to remember that Apple took its time to correct this bug. Indeed, it was publicly unveiled last week, but researchers privately reported it to Apple last November. Apple has only reacted in recent days because there have been several articles dealing with the subject.