The Future Is Here
We may earn a commission from links on this page

Go Update Your iPhone Right Now to Fix This Giant Safari Security Bug

You're going to want to update to iOS 15.3 immediately to avoid a glaring security vulnerability in Safari that can leak your browser history.

Image for article titled Go Update Your iPhone Right Now to Fix This Giant Safari Security Bug
Photo: Jaap Arriens/NurPhoto (Getty Images)

Patch alert: You’re going to want to run—not walk—to your iPhone and iPad to update them right now.

A recently discovered vulnerability in Apple’s Safari web browser, CVE-2022-22594, could spill sensitive personal data, but you can patch it now by updating to Apple’s recently released iOS 15.3 and iPadOS 15.3, which were put out today.

Advertisement

The bug in question in is in Safari 15 and can actually leak your recent browsing history as well as personal identifiers, such as your Google User ID. The bug was discovered by researchers with security firm FingerprintJS, who found that a bug in Safari’s application of the IndexedDB API “lets any website track your internet activity and even reveal your identity.” Not a particularly fun thing to have happen.

Advertisement

“We checked the homepages of Alexa’s Top 1000 most visited websites to understand how many websites use IndexedDB and can be uniquely identified by the databases they interact with,” the report says. “The results show that more than 30 websites interact with indexed databases directly on their homepage, without any additional user interaction or the need to authenticate.”

Advertisement

However, 9to5Mac tested today’s updates and found that it has fixed the Safari security vulnerability in question. Good news.

But wait, there’s more!

The updates also fix another bug that Apple says may have been seeing active exploitation in the wild. This bug, tracked as CVE-2022-22587, is basically a memory corruption bug in the IOMobileFrameBuffer that, under the right circumstances, could lead to kernel-level code execution. According to Bleeping Computer, the complete list of impacted devices include:

  • iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
  • MacOS Monterey

Wednesday’s updates don’t otherwise have any user features and are solely about fixing bugs, Apple Insider reports.

Advertisement

To get the latest fixes for your iPad and iPhone, you’ll simply want to go to Settings > General > Software Update. It’s as simple as that.

Patch. Do it now. And then get back to browsing in peace.