If you use an Apple device, chances are that Safari is your default browser. If that’s the case, you’ll want to avoid using Safari for a bit because a bug in the app could leak your entire browsing history.
Last week, the team behind FingerprintJS, a browser fingerprinting library, wrote a blog post about a vulnerability in Safari 15 that gives away your browser history. By exploiting this bug, an attacker can learn about what websites you’re visiting, and even see your Google ID for services like YouTube, Google Calendar, and Google Keep. You can read more about it here.
You can also look at the video below to understand how this bug works.
How bad is it?
As the bug is in WebKit, Apple‘s browser rendering engine, it affects Safari 15 on macOS, and all browsers on iOS 15 and iPadOS 15. So it’s a pretty helpless situation for iOS device users. But if you’re using a Mac, you can switch to Chrome, Edge, or any other browser for now.
A fix is on the way
WebKit’s GitHub repository suggests that Apple engineers have already worked on some potential fixes. But that doesn’t mean you’re safe automatically. Apple has to update the Safari browser with a fix, and it’s not that straightforward.
As the company has baked Safari into its operating system, it’s not simply the matter of issuing an app update. As Joe Rossignol, a reporter at MacRumors tweeted,
the firm has to issue an emergency operating system update for macOS, iOS, and iPadOS.
Safari updates are still coupled to the operating system, so Apple will need to release macOS Monterey, iOS 15, and iPadOS 15 updates with a security fix.
Apple does offer standalone Safari updates for older macOS versions, so also expect a Safari update for Big Sur + Catalina.
— Joe Rossignol (@rsgnl) January 19, 2022
If you’re using older Mac versions like Big Sur or Catalina, you’ll be able to get a standalone update. We’ll keep an eye out for Apple‘s bug-fixing release, and update this story.