What you need to know
- A Safari bug could allow websites to see which other websites you've been visiting.
- Apple is aware of the bug and is working to implement a fix.
- Any fix will require that Apple rolls out updates to iOS, iPadOS, and macOS.
Apple is working on fixing a bug in Safari that could allow websites to see other sites that you recently visited. However, the fix will require updates to iOS 15, iPadOS 15, and macOS Monterey to be released.
The bug, shared by FingerprintJS last week, stems from the use of IndexedDB databases by websites. According to the initial report, it seems that Safari is allowing websites that use IndexedDB to see all other IndexedDB databases used during a browsing session. That could allow websites to see which other websites are being visited, for example.
You can see how the bug works and the data it could access in this video created by FingerprintJS.
Apple is now aware of the bug and has a fix coming according to the Webkit GitHub page. However, that fix won't be implemented until a full iOS, iPadOS, or macOS update is available and there is no telling when that will be the case.
As troubling as this bug is, Safari is still one of the best Mac web browsers around and is arguably the only one people are likely to be used on iPhones and iPads. If you're at all concerned about this bug and the information it could be leaking, use an alternative browser like Google Chrome while you wait for the Safari fix to be implemented.