A recently discovered vulnerability in Apple’s Safari web
browser, CVE-2022-22594, could spill sensitive personal data, but you can patch
it now by updating to Apple’s iOS 15.3 and iPadOS
15.3, which were released today.
The bug in question is in Safari 15 and can actually leak
your recent browsing history as well as personal identifiers, such as your
Google User ID. The bug was discovered by researchers with
security firm FingerprintJS, who found that a bug in Safari’s implementation of
the IndexedDB API “lets any website track your internet activity and even
reveal your identity.” Not a particularly fun thing to have happen.
“We checked the homepages of
Alexa’s Top 1000 most visited websites to understand how many websites use
IndexedDB and can be uniquely identified by the databases they interact with,” the report says. “The results
show that more than 30 websites interact with indexed databases directly on
their homepage, without any additional user interaction or the need to
authenticate.”
The updates also fix
another bug that Apple says may have been actively exploited in the
wild. This bug, tracked as CVE-2022-22587, is basically a memory corruption bug
in the IOMobileFrameBuffer that, under the right circumstances, could lead to
kernel-level code execution. According to Bleeping Computer, the complete list of impacted devices
includes:
- iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
- macOS Monterey