Apple today released iOS 15.3 and iPadOS 15.3 for all compatible iPhones and iPads. The update contains a major Safari 15-related security patch to prevent your personal data from leaking and allow websites to track your browsing history. The public release of the OS comes after just two beta releases and a Release Candidate build.
It was reported earlier this month that Safari 15’s implementation of the IndexedDB API is flawed, leading to the issue. The bug was first reported on November 28, 2021, but the Cupertino company took its own time fixing it.
What is IndexedDB?
IndexedDB is a low-level browser API that stores client-side information. It follows the same-origin policy that controls how scripts loaded from one origin can interact with resources from other origins. In short, a website isn’t allowed to snoop on other websites as it can only access data generated by it.
Safari 15 on macOS and all browsers on iOS and iPadOS 15 violate this same-origin policy, which has serious implications. With this bug, malicious websites can learn about your identity and link together multiple accounts that you use.
You can download the iOS 15.3 or iPadOS 15.3 update on your iPhone/iPad by navigating to Settings -> General -> Software Update. Alongside iOS 15.3, Apple also released macOS Monterey 12.2 with the same security patch for Safari. watchOS 8.4 has also been released for all compatible models, and it includes a fix for the Apple Watch Series 7 charging woes.
iOS 15.3 and macOS Monterey 12.2 do not contain any other changes. Apple is likely to seed the first beta of iOS 15.4 to developers and public beta testers soon with some major changes in tow.