Patch alert: You’re going to want to run — not walk — to your iPhone and iPad to update them right now.
A recently discovered vulnerability in Apple’s Safari web browser, CVE-2022-22594, could spill sensitive personal data, but you can patch it now by updating to Apple’s recently released iOS 15.3 and iPadOS 15.3, which were put out today.
The bug in question in is in Safari 15 and can actually leak your recent browsing history as well as personal identifiers, such as your Google User ID. The bug was discovered by researchers with security firm FingerprintJS, who found that a bug in Safari’s application of the IndexedDB API “lets any website track your internet activity and even reveal your identity.” Not a particularly fun thing to have happen.
“We checked the homepages of Alexa’s Top 1000 most visited websites to understand how many websites use IndexedDB and can be uniquely identified by the databases they interact with,” the report says. “The results show that more than 30 websites interact with indexed databases directly on their homepage, without any additional user interaction or the need to authenticate.”
However, 9to5Mac tested today’s updates and found that it has fixed the Safari security vulnerability in question. Good news.
But wait, there’s more!
The updates also fix another bug that Apple says may have been seeing active exploitation in the wild. This bug, tracked as CVE-2022-22587, is basically a memory corruption bug in the IOMobileFrameBuffer that, under the right circumstances, could lead to kernel-level code execution. According to Bleeping Computer, the complete list of impacted devices include:
-
iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
-
MacOS Monterey
Wednesday’s updates don’t otherwise have any user features and are solely about fixing bugs, Apple Insider reports.
To get the latest fixes for your iPad and iPhone, you’ll simply want to go to Settings > General > Software Update. It’s as simple as that.
Patch. Do it now. And then get back to browsing in peace.
Editor’s Note: Release dates within this article are based in the U.S., but will be updated with local Australian dates as soon as we know more.