Apple iOS / iPadOS 15.3 RC released, fixes Safari browser privacy vulnerability

On January 21, Apple pushed the iOS/iPadOS 15.3 RC update (internal version number: 19D49) to iPhone and iPad users today. This update was released 5 weeks after the last release.

This update resolves a Safari bug that could cause a user's recent browsing history and identity details to be disclosed to malicious entities.

The vulnerability allows any website that uses IndexedDB for client-side data storage to access the names of IndexedDB databases generated by other websites during a user's browsing session. This bug could allow a website to track other websites a user visits in different tabs or windows, and because database names tend to be unique to each website and sometimes contain user-specific identifiers, the user's identity could be exposed.

Browsers using Apple's WebKit engine are affected, including Safari 15 for Mac and Safari for iOS 15 and iPadOS 15. Some third-party browsers such as Chrome were also affected on iOS and iPadOS 15, but the macOS Monterey 12.2, iOS 15.3, and iPadOS 15.3 updates fixed the vulnerability.