Apple has released updates to iOS, iPadOS, macOS, and watchOS that fix a major vulnerability in Safari.
Earlier this month, FingerprintJS discovered a vulnerability in Safari, one that let “any website track your internet activity and even reveal your identity.” The issue revolved around Apple’s implementation of IndexedDB, a common API that most browsers use to store data. Unfortunately, Apple’s implementation leaked user data.
To keep flaws from being further exploited, Apple doesn’t go into detail on the specifics of security fixes when it releases an update. The most recent OS updates do, however, specifically list CVE-2022-22594, the ID used to identify the flaw. The release notes also credit FingerprintJS for discovering the bug.
Impact: A website may be able to track sensitive user information
Description: A cross-origin issue in the IndexDB API was addressed with improved input validation.
CVE-2022-22594: Martin Bajanik of FingerprintJS
Needless to say, all Apple users should update their various devices immediately. This is especially important on iOS, since all iOS web browsers use Safari’s rendering engine.